Vulnerabilities

Cisco has issued a security advisory (CVE-2024-3596) in the RADIUS protocol, which is widely used for network access authentication and authorization. This vulnerability could let an attacker bypass multi-factor authentication (MFA) and gain unauthorized network access. The vulnerability is due to a problem in the MD5 Response Authenticator signature in …

Google fixed a bug in Chrome’s Password Manager that caused user credentials to vanish temporarily. A problem with Google Chrome’s Password Manager caused an 18-hour outage on Wednesday. This affected users who use the tool to save and automatically fill in their passwords. Many users said they couldn’t find their …

A serious vulnerability, CVE-2023-45249 (CVSS 9.8), has been found in Acronis Cyber Infrastructure (ACI), a widely used software-defined infrastructure solution for cyber protection. The vulnerability is due to the use of default passwords, which could enable remote attackers to run any commands on affected systems, potentially leading to a complete …

Tenable security researchers found a vulnerability in Google Cloud Platform’s Cloud Functions service that could allow an attacker to access other services and sensitive data without permission. Tenable has given the vulnerability the name ConfusedFunction. “An attacker could escalate their privileges to the Default Cloud Build Service Account and access …

GitLab released a security update today to fix six vulnerabilities in its software. Although none of the flaws are critical, there is one high-severity cross-site scripting bug that could seriously affect users who don’t update quickly. The update, which applies to GitLab Community Edition (CE) and Enterprise Edition (EE), includes …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The vulnerabilities are listed below – CVE-2012-4792 (CVSS score: 9.3) – Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.3) – Twilio Authy Information Disclosure …

CISCO fixed a vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem). The vulnerability could allow an attacker without authentication to change the password of any user, even administrative users. The problem is caused by not implementing the password-change process correctly. An attacker could take advantage …

Ivanti fixed a SQL Injection vulnerability in its Endpoint Management software. This vulnerability, designated as CVE-2024-37381, could have allowed authenticated attackers on the same network to run any code on affected systems. The EPM software is used in many industries to manage different device platforms such as Windows, macOS, Chrome …

The Indian Computer Emergency Response Team (CERT-In) has warned Adobe users about a high-risk cybersecurity issue. Adobe recently found serious security problems in various versions of their software, including Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge. CERT-In classifies the vulnerabilities as “HIGH” severity and advises users to act quickly …

Censys has warned that more than 1.5 million Exim mail transfer agent (MTA) instances are vulnerable to a critical security issue. This vulnerability allows threat actors to bypass security filters. Exim developers fixed a security flaw, tracked as CVE-2024-39929, impacting versions up to 4.97.1. The vulnerability is caused by not …