vulnerability

Featured Post
Vulnerabilities

Issued by: Security Affairs

Cisco has addressed a critical vulnerability, tracked as CVE-2024-20419 (CVSS score of 10.0), in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers that allows attackers to change any user’s password. The issue is due to an improper implementation in the password-change process. Threat actors can trigger the vulnerability by sending specially crafted HTTP…

Vulnerabilities

Issued by: DataBreach Today

Cisco on Monday patched a zero-day vulnerability discovered months ago that allowed a China-nexus hacker to execute arbitrary commands as root on the compromised devices. The threat group, dubbed Velvet Ant, remotely connected to Cisco’s NX-OS software used in switches and executed malicious code. The networking giant in an advisory attributes the discovery to cybersecurity…

Vulnerabilities

Issued by: Dark Reading

Juniper Networks has released an emergency patch for a critical authentication bypass vulnerability that has been assigned the highest possible CVSS score of 10. The vulnerability, tracked under CVE-2024-2973, affects the Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Router, and could allow a threat actor to take full control of an…

Vulnerabilities

Issued by: The Hacker News

Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been described as a case of a buffer overflow stemming from the use of an unsafe variable in the…

Vulnerabilities

Issued by: Security Affairs

Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea. The vulnerability is a high-severity type confusion issue in the…

Vulnerabilities

Issued by: Dark Reading

Among the more dangerous of the flaws for which Microsoft released a patch this week on Patch Tuesday is a denial-of-service (DoS) vulnerability publicly disclosed back in February in the Domain Name System Security Extensions (DNSSEC) protocol. The vulnerability, identified as CVE-2023-50868 exists in a third-party DNSSEC mechanism called Next Secure Hash 3 (NSEC3) for…

Vulnerabilities

Issued by: SecurityWeek

Tracked as CVE-2024-4610, the bug is described as a use-after-free issue that could be exploited by local users to make improper GPU memory processing operations. Successful exploitation of the flaw allows a non-privileged attacker to access previously freed memory, Arm explains in an advisory. “Arm is aware of reports of this vulnerability being exploited in…

Vulnerabilities

Issued by: Security Affairs

GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835, that allows attackers to take over user accounts. An attacker can exploit this issue by using a specially crafted page to exfiltrate sensitive user information. The vulnerability impacts versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. The flaw was addressed with the release…

Cloud Security, Vulnerabilities

Issued by: CSO Online

Security researchers at Tenable have discovered a potentially critical memory corruption vulnerability in Fluent Bit, a core component in the monitoring infrastructure of many cloud services. The vulnerability, dubbed Linguistic Lumberjack and tracked as CVE-2024-4323, stems from coding flaws within Fluent Bit’s built-in HTTP server. Left unresolved the vulnerability could lead to denial of service,…