Vulnerabilities

Oracle’s October 2024 Critical Patch Update has fixed 334 security vulnerabilities in its products. The CPU affects 28 Oracle product families, with patches for various severity levels. Notably, there are 35 critical updates that fix 16 high-risk vulnerabilities. The Critical Patch Update includes new security patches for Oracle product families. …

Google has released Chrome 130, fixing 17 security vulnerabilities. The update (version 130.0.6723.58/.59 for Windows and Mac, and 130.0.6723.58 for Linux) will be gradually rolled out to users in the coming days and weeks. The most severe vulnerability is CVE-2024-9954, a high-severity use-after-free flaw in Chrome’s AI component. Reported by …

On Sunday, the Shadowserver Foundation revealed that over 87,000 internet-facing Fortinet devices may still be at risk due to (CVE-2024-23113) vulnerability. About CVE-2024-23113: CVE-2024-23113, a format string vulnerability that affects the FortiOS FGFM (FortiGate to FortiManager) daemon and can be triggered via specially crafted requests, was discovered and reported by …

GitLab, a premier platform for DevOps and continuous integration/continuous delivery has rolled out essential security updates in versions 17.4.2, 17.3.5 and 17.2.9 for both community Edition (CE) and enterprises edition (EE). These updates tackles several important vulnerabilities, notably a critical severity flaw (CVE: 2024-9164) that could enable attackers to execute …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, …

Palo Alto Networks released a security advisory (PAN-SA-2024-0010) about several high-severity vulnerabilities in its Expedition migration tool, with CVSS scores between 7.0 and 9.9. Exploiting these flaws could allow attackers to take over firewall admin accounts and access sensitive information like usernames, cleartext passwords, and API keys for PAN-OS firewalls. …

In its recent Patch Tuesday release, Microsoft fixed 118 vulnerabilities, including five zero-day flaws, two of which are currently being exploited. The updates affect multiple Microsoft products, such as Windows, Office, Azure, .NET, and Visual Studio. Zero-Day Vulnerabilities: Among the five zero-day vulnerabilities patched, two were actively exploited in the …

The Cyber Threat Intelligence (CTI) Unit at BGD e-GOV CIRT has discovered a malware campaign involving the Lumma Stealer family. They’ve found that various types of stealer malware are being spread using similar methods. CIRT is monitoring stealer malware campaigns and has found malware that steals sensitive information. Recently, the …

Qualcomm’s October 2024 Security Bulletin reveals critical vulnerabilities in several chipsets, including the popular Snapdragon mobile platforms and FastConnect solutions. These issues impact various system components like WLAN, DSP, and graphics, posing serious security risks to users globally. CVE-2024-43047 (CVSS 7.8) is a vulnerability identified by Google’s Threat Analysis Group …

CISA has issued an urgent alert about critical vulnerabilities being exploited in Synacor’s Zimbra Collaboration and Ivanti’s Endpoint Manager (EPM). Organizations using these products are urged to mitigate potential risks immediately. CVE-2024-45519: Synacor Zimbra Collaboration Command Execution Vulnerability: A new vulnerability, CVE-2024-45519, has been found in the Synacor Zimbra Collaboration …