CISA has released a bulletin that lists over 270 Critical vulnerabilities discovered in various software and hardware in the past week. These vulnerabilities impact popular apps, operating systems, IoT devices, and development frameworks, creating significant risks if not fixed.
Vulnerabilities have been categorized using the Common Vulnerability Scoring System (CVSS).
By infosecbulletin
/ Wednesday , January 22 2025
Fortinet customers must apply the latest updates, as almost 50,000 management interfaces remain vulnerable to the latest zero-day exploit. The...
Read More
By infosecbulletin
/ Tuesday , January 21 2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
By infosecbulletin
/ Tuesday , January 21 2025
Ubuntu 22.04 LTS users are advised to update their systems right away due to a crucial security patch from Canonical...
Read More
By infosecbulletin
/ Tuesday , January 21 2025
Attackers are pretending to be Ukraine's Computer Emergency Response Team (CERT-UA) using AnyDesk to access target computers. “Unidentified individuals are...
Read More
By infosecbulletin
/ Tuesday , January 21 2025
Oracle Critical Patch Update Pre-Release Announcement shares details about the upcoming update scheduled for January 21, 2025. Note that this...
Read More
By infosecbulletin
/ Tuesday , January 21 2025
OWASP has released its updated list of the top 10 vulnerabilities in smart contracts for 2025. This guide highlights the...
Read More
By infosecbulletin
/ Monday , January 20 2025
Security researchers have found several vulnerabilities in Azure DevOps that could enable attackers to inject CRLF queries and carry out...
Read More
By infosecbulletin
/ Monday , January 20 2025
Intel Corporation is a leading semiconductor chip manufacturer, employing at least 22 graduates from the Department of Applied Chemistry and...
Read More
By infosecbulletin
/ Sunday , January 19 2025
vpnMentor’s Research Team is monitoring the potential TikTok ban in the U.S., driven by national security and data privacy issues....
Read More
By infosecbulletin
/ Saturday , January 18 2025
MITRE launched D3FENDTM 1.0, a cybersecurity framework that provides a vocabulary and understanding of the cyber domain. D3FEND 1.0, funded...
Read More
Critical (CVSS 9.0–10.0): Immediate attention required.
High (CVSS 7.0–8.9): Potential to cause major disruptions.
Medium (CVSS 4.0–6.9): Less severe but still actionable.
Low (CVSS 0.0–3.9): Minimal impact.
Top Critical Vulnerabilities:
Some critical vulnerabilities can allow attackers to run harmful code, gain unauthorized access, and steal data.
Critical vulnerabilities (CVE-2024-11317, CVE-2024-48839) in products like ASPECT, MATRIX, and NEXUS Series enable attackers to exploit session fixation, execute remote code, and misuse default credentials.
WordPress Plugins
Widely used plugins such as Roninwp FAT Services Booking (CVE-2024-54221) and Swift Performance Lite (CVE-2024-10516) are vulnerable to SQL injection, file inclusion, and XSS attacks.
IoT and Networking Devices:
Devices like Victure RX1800 WiFi Routers and Zyxel VMG4005-B50A firmware have vulnerabilities that let hackers run malicious code remotely.
ROS2 (Robotic Operating System)
Security vulnerabilities in Open Robotics’ ROS2 can lead to denial-of-service attacks or arbitrary code execution.
Django
SQL injection vulnerabilities in Django’s Oracle database could allow unauthorized access to sensitive data.
Notable High-Severity Vulnerabilities:
Chrome bug (CVE-2024-12053): A flaw in the V8 engine may allow attackers to manipulate objects, potentially leading to code execution via malicious web pages.
ABB ASPECT-Enterprise has vulnerabilities due to improper input validation (CVE-2024-51550) and data sanitization issues (CVE-2024-51541), allowing attackers to inject malicious scripts.
Android Devices:
Some Android parts have security vulnerabilities that can allow unauthorized actions or lead to data corruption.
Widespread Medium-Severity Issues:
While not as urgent, medium-severity vulnerabilities (CVSS 4.0–6.9) still require action:
Several WordPress themes and plugins, such as TI WooCommerce Wishlist and Convert Forms, have XSS vulnerabilities.
Development Frameworks: Issues in libraries like python-multipart could cause service disruptions (CVE-2024-53981).
Networking Devices:
IoT and networking products, including those from Ruijie and Lorex, have serious security vulnerabilities that allow unauthorized access or remote control.
Industrial Systems:
Some industrial systems, such as those from ABB and Siemens, have vulnerabilities that could endanger operational technology environments.
Recommendations:
InfoSecBulletin Cybersecurity for mankind
