Friday , September 13 2024

Vulnerabilities

Gov.t issues high alert on android devices

Android

Indian Computer Emergency Response Team (CERT-In) issued a high-severity alert for android devices on September 11, 2024 highlighting the vulnerabilities that affect Android versions 12, 12L, 13, and 14. The advisory said, bad attacker could potentially exploit these vulnerabilities to gain access the sensitive information stored in the devices, even …

Read More »

Microsoft patch September 2024 fixes 4 zero-days, 79 flaws

Microsoft

Microsoft patched September 2024 Tuesday addressing 79 vulnerabilities, including four actively exploited zero-days which covers critical flaws in Windows Installer, MoTW, Publisher, and Windows Update. Those flaw are mentioned in September 2024 patch Tuesday are rated as critical, most of which were either remote code execution (RCE) or elevation of …

Read More »

Hacker to exploite GeoServer Vulnerability to Deploy Malware

Geoserver

Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has a CVSS score of 9.8. The report said, for the poor design of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards, the published …

Read More »

IMB unveils multiple vulnerabilities in it’s webMethods Integration

IBM

Multiple vulnerabilities have been published by IBM in its webMethods Integration Server which cloud allow attackers to execute arbitrary commands on affected systems. Those published vulnerabilities have been identified in version 10.15 of the software which pose a severe risk for the organizations to integrate and API management. CVE-2024-45076 has …

Read More »

Progress LoadMaster exposed to a critical 10/10 vulnerability

progress

Progress Software released an emergency fix for a critical vulnerability (10/10) in its Loadmaster and LoadMaster Multi-Tenant Hypervisor products, which allows remote command execution by attackers. CVE-2024-7591 is a flaw that allows remote, unauthenticated attackers to access Loadmaster’s management interface through a manipulated HTTP request due to improper input validation. …

Read More »

Critical Security Flaws Patched in Zyxel Networking Devices

Router

Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions. This flaw could allow the execution of unauthorized commands. The vulnerability known as CVE-2024-7261 (CVSS score: 9.8) involves an operating system (OS) command injection. “The improper neutralization of special elements …

Read More »