Vulnerabilities

Google fixed a serious Chrome bug known as CVE-2024-4058 in the ANGLE graphics layer engine along with four vulnerabilities in the Chrome web browser. CVE-2024-4058 is a vulnerability in the ANGLE graphics layer engine. It allows attackers to execute arbitrary code on macOS systems. Toan Pham and Bao Pham from …

According to a new research bad actors could exploit the DOS-to-NT path conversion process to hide and impersonate files, directories, and processes, gaining rootkit-like capabilities. “When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted …

Cisco has issued security advisories for vulnerabilities in the Cisco integrated management controller. These vulnerabilities could allow a remote cyber threat actor to gain control of a compromised system. Cisco Integrated Management Controller CLI Command Injection Vulnerability:  A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could …

Oracle announced 441 new security patches for its April 2024 Critical Patch Update, with over 200 of them fixing flaws that could be exploited by remote, unauthenticated attackers. Oracle’s advisory reported that about 230 unique CVEs were found in Oracle’s April 2024 CPU, with over 30 security patches addressing critical-severity …

Palo Alto Networks released hotfixes to fix a serious security flaw in PAN-OS software, being actively exploited. The CVE-2024-3400 vulnerability has a critical CVSS score of 10.0. It is a command injection flaw in the  globalProtect feature that allows an unauthenticated attacker to run any code with root privileges on …

The Bitdefender GravityZone Update Server is vulnerable to server-side request forgery (SSRF) because of an incorrect regular expression. Bitdefender’s GravityZone: Bitdefender’s GravityZone Update Server has a critical vulnerability with a CVSS score of 8.1. It could allow an attacker remote network access to compromise the server with low privileges. Bitdefender …

Palo Alto Networks released security updates to high severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – A vulnerability in the PAN-OS software of Palo Alto Networks allows remote attackers to reboot hardware firewalls. Continuous attacks can lead to a DoS situation by …

Microsoft released a patch on Tuesday, April 2024. It includes security updates for 150 flaws and 67 remote code execution bugs. Only three important vulnerabilities were fixed by Patch Tuesday. However, there are more than sixty-seven remote code execution bugs. The majority of these bugs are located in Microsoft SQL …

SonicWall Capture Labs found a vulnerability with the Artica Proxy appliance. This vulnerability affects over 100K servers globally. Artica Proxy is a proxy solution that performs tasks like web filtering, SSL inspection, and bandwidth management. SonicWall has developed measures to mitigate the vulnerability. There is a security vulnerability called CVE-2024-2054 …

The writing is first published to medium where Henry N. Caga wrote about how he find out Google’s vulnerability and achieved hall of fame recognition. Henry N. Caga wrote I stumbled upon a discovery that sent shockwaves through my system: an XSS (Cross-Site Scripting) vulnerability lurking within one of Google’s …