July 18, 2024 at 06:42AM Cisco has released a patch for CVE-2024-20419, a critical vulnerability in Cisco Smart Software Manager (SSM) On-Prem. Attackers can change any user’s password, posing a significant threat to confidentiality and integrity. The bug affects SSM On-Prem and SSM Satellite. Organizations are advised to upgrade to unaffected versions and apply the … Read more
July 11, 2024 at 10:48AM GitLab has released security updates to address six vulnerabilities in GitLab CE and EE, including a critical-severity bug (CVE-2024-6385) allowing an attacker to trigger a pipeline as another user. The updates also address a medium-severity bug and four low-severity flaws. Users are advised to update their instances promptly due to … Read more
July 2, 2024 at 05:18AM PTC, a product lifecycle management solutions provider, released a patch for a critical vulnerability found in the license server for their Creo Elements/Direct product, affecting version 20.7.0.0 and prior. The flaw, assigned CVE-2024-6071 with a CVSS score of 10, allows unauthenticated remote attackers to execute arbitrary OS commands, potentially enabling … Read more
June 12, 2024 at 12:45PM Fortinet has released patches for multiple vulnerabilities in FortiOS, including stack-based buffer overflow flaws leading to unauthorized code execution. The most severe issue, CVE-2024-23110, impacts FortiOS 6.x and 7.x. Other vulnerabilities include CVE-2024-26010, CVE-2023-46720, and CVE-2024-3661. Customers are advised to upgrade to fixed releases to mitigate potential exploitation. Based on … Read more
June 11, 2024 at 09:52AM Apple released visionOS 1.2 to address numerous vulnerabilities, with the standout CVE-2024-27812 specific to the Vision Pro headset. The update also prompted new security advisories for iOS, macOS, and other products, consolidating CVEs. The vulnerabilities could lead to code execution, information disclosure, and DoS, with the acknowledged researcher considering it … Read more
June 7, 2024 at 02:23PM SolarWinds released version 2024.2 with new features, upgrades, and security patches. This includes fixing high-severity SWQL injection bug (CVE-2024-28996), reported by a NATO-affiliated penetration tester. Other flaws fixed are a high-severity cross-site scripting flaw (CVE-2024-29004) and a medium-severity race condition vulnerability. The update also enhances map functionality and overall stability. … Read more
June 4, 2024 at 06:24AM Cox Communications recently patched several vulnerabilities in their modems, preventing potential remote takeovers by hackers. Discovered in March by expert Sam Curry, the flaws allowed attackers to bypass authorization, gaining control of millions of modems and potentially accessing customer data. Cox promptly addressed the issue after being notified. Key Meeting … Read more
May 23, 2024 at 01:50PM GitLab addressed a high-severity XSS vulnerability allowing unauthenticated attackers to compromise user accounts. Additionally, six medium-severity flaws were fixed, including a CSRF issue and a denial-of-service bug. These vulnerabilities allowed for account takeovers and disruption of services. GitLab urged immediate software updates due to potential impacts on sensitive data and … Read more
May 22, 2024 at 09:03AM GitHub has released patches for a critical-severity vulnerability in Enterprise Server, impacting instances using SAML SSO authentication and encrypted assertions. The CVE-2024-4985 vulnerability allows unauthorized access to administrative privileges. GitHub advises updating to patched releases 3.9.15, 3.10.12, 3.11.10, or 3.12.4 to mitigate the risk. Users are urged to prioritize implementing … Read more
May 16, 2024 at 05:09AM Google released Chrome 125 with patches for nine vulnerabilities, including high-severity bugs CVE-2024-4947 and CVE-2024-4948. Exploitation of CVE-2024-4947 could allow remote code execution, and Google acknowledged its exploitation in the wild. Updates are advised due to recent zero-day vulnerabilities. Bug bounty details have not been disclosed. From the meeting notes, … Read more