Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The vulnerabilities are listed below – CVE-2012-4792 (CVSS score: 9.3) – Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.3) – Twilio Authy Information Disclosure …

CISCO fixed a vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem). The vulnerability could allow an attacker without authentication to change the password of any user, even administrative users. The problem is caused by not implementing the password-change process correctly. An attacker could take advantage …

Ivanti fixed a SQL Injection vulnerability in its Endpoint Management software. This vulnerability, designated as CVE-2024-37381, could have allowed authenticated attackers on the same network to run any code on affected systems. The EPM software is used in many industries to manage different device platforms such as Windows, macOS, Chrome …

The Indian Computer Emergency Response Team (CERT-In) has warned Adobe users about a high-risk cybersecurity issue. Adobe recently found serious security problems in various versions of their software, including Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge. CERT-In classifies the vulnerabilities as “HIGH” severity and advises users to act quickly …

Censys has warned that more than 1.5 million Exim mail transfer agent (MTA) instances are vulnerable to a critical security issue. This vulnerability allows threat actors to bypass security filters. Exim developers fixed a security flaw, tracked as CVE-2024-39929, impacting versions up to 4.97.1. The vulnerability is caused by not …

AT&T, an American telecom service provider, has confirmed a data breach. The data approximately 109 million almost all its wireless customers and customers of mobile virtual network operators (MVNOs) who use AT&T’s wireless network was accessed by threat actors. AT&T’s MVNOs include Black Wireless, Boost Infinite, Consumer Cellular, Cricket Wireless, …

Palo Alto Networks has issued a critical security advisory outlining numerous vulnerabilities across its product lines, such as PAN-OS, Cortex XDR, and Expedition. These weaknesses vary in severity and potential impact, but collectively present a significant risk to organizations that depend on Palo Alto’s solutions. CVE-2024-5910: Missing Authentication in Expedition …

GitLab has issued a warning about a serious vulnerability in its GitLab Community and Enterprise editions. This vulnerability allows attackers to execute pipeline jobs as if they were another user. GitLab’s DevSecOps platform is used by more than 30 million registered users, including T-Mobile, Goldman Sachs, Airbus, Lockheed Martin, Nvidia, …

Adobe released security updates to fix several vulnerabilities in their software. These vulnerabilities could be used by cyber attackers to gain control of a system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply necessary updates: Security Updates Available for Adobe Premiere Pro | APSB24-46: …

The Apache Software Foundation has warned about two serious security issues (CVE-2024-38346 and CVE-2024-39864) in Apache CloudStack, a popular open-source cloud computing platform. These vulnerabilities are a big threat to organizations using CloudStack to manage their virtualized infrastructure. Unauthenticated Cluster Service Port (CVE-2024-38346) The vulnerability CVE-2024-38346 is found in the …