CISA has released a bulletin that lists over 270 Critical vulnerabilities discovered in various software and hardware in the past week. These vulnerabilities impact popular apps, operating systems, IoT devices, and development frameworks, creating significant risks if not fixed.
Vulnerabilities have been categorized using the Common Vulnerability Scoring System (CVSS).
By infosecbulletin
/ Wednesday , December 18 2024
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
By infosecbulletin
/ Wednesday , December 18 2024
CISA has issued Binding Operational Directive (BOD) 25-01, requiring federal civilian agencies to improve the security of their Microsoft 365...
Read More
By infosecbulletin
/ Wednesday , December 18 2024
The Irish Data Protection Commission fined Meta €251 million ($263.6 million) for GDPR violations related to a 2018 data breach...
Read More
By infosecbulletin
/ Wednesday , December 18 2024
More than 25,000 SonicWall SSL VPN devices are vulnerable to critical flaws, with 20,000 running outdated SonicOS/OSX firmware that is...
Read More
By infosecbulletin
/ Tuesday , December 17 2024
Nearly half of the high school’s female students were victimized in AI based deepfake the images and videos. The students...
Read More
By infosecbulletin
/ Monday , December 16 2024
Telecom Namibia experienced a cyber incident that leaked customer data. The company is working with local and international cybersecurity experts...
Read More
By infosecbulletin
/ Monday , December 16 2024
HSBC Bank Australia Limited did not sufficiently safeguard customers from scams that resulted in millions of dollars being lost, as...
Read More
By infosecbulletin
/ Sunday , December 15 2024
On 10Th December, 2024 The US Department of Justice said in a press release that a Chinese-born man named Guang...
Read More
By infosecbulletin
/ Saturday , December 14 2024
Researchers discovered a new Android banking trojan aimed at Indian users. This malware pretends to be essential utility services to...
Read More
By infosecbulletin
/ Saturday , December 14 2024
A whistleblower from OpenAI, Suchir Balaji, an Indian-American ex-researcher at OpenAI who criticized the company's practices, was found dead in...
Read More
Critical (CVSS 9.0–10.0): Immediate attention required.
High (CVSS 7.0–8.9): Potential to cause major disruptions.
Medium (CVSS 4.0–6.9): Less severe but still actionable.
Low (CVSS 0.0–3.9): Minimal impact.
Top Critical Vulnerabilities:
Some critical vulnerabilities can allow attackers to run harmful code, gain unauthorized access, and steal data.
Critical vulnerabilities (CVE-2024-11317, CVE-2024-48839) in products like ASPECT, MATRIX, and NEXUS Series enable attackers to exploit session fixation, execute remote code, and misuse default credentials.
WordPress Plugins
Widely used plugins such as Roninwp FAT Services Booking (CVE-2024-54221) and Swift Performance Lite (CVE-2024-10516) are vulnerable to SQL injection, file inclusion, and XSS attacks.
IoT and Networking Devices:
Devices like Victure RX1800 WiFi Routers and Zyxel VMG4005-B50A firmware have vulnerabilities that let hackers run malicious code remotely.
ROS2 (Robotic Operating System)
Security vulnerabilities in Open Robotics’ ROS2 can lead to denial-of-service attacks or arbitrary code execution.
Django
SQL injection vulnerabilities in Django’s Oracle database could allow unauthorized access to sensitive data.
Notable High-Severity Vulnerabilities:
Chrome bug (CVE-2024-12053): A flaw in the V8 engine may allow attackers to manipulate objects, potentially leading to code execution via malicious web pages.
ABB ASPECT-Enterprise has vulnerabilities due to improper input validation (CVE-2024-51550) and data sanitization issues (CVE-2024-51541), allowing attackers to inject malicious scripts.
Android Devices:
Some Android parts have security vulnerabilities that can allow unauthorized actions or lead to data corruption.
Widespread Medium-Severity Issues:
While not as urgent, medium-severity vulnerabilities (CVSS 4.0–6.9) still require action:
Several WordPress themes and plugins, such as TI WooCommerce Wishlist and Convert Forms, have XSS vulnerabilities.
Development Frameworks: Issues in libraries like python-multipart could cause service disruptions (CVE-2024-53981).
Networking Devices:
IoT and networking products, including those from Ruijie and Lorex, have serious security vulnerabilities that allow unauthorized access or remote control.
Industrial Systems:
Some industrial systems, such as those from ABB and Siemens, have vulnerabilities that could endanger operational technology environments.
Recommendations:
InfoSecBulletin Cybersecurity for mankind
