fixed
-
Cisco has fixed a critical command injection vulnerability (CVE-2024-20418) affecting its Ultra-Reliable Wireless Backhaul (URWB) Access Points that can be exploited via HTTP requests and allows complete compromise of the devices.
-
Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices
-
QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024
-
Google fixed a critical vulnerability in Chrome browser
-
QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024
-
F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP
-
GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution
-
Microsoft’s October Patch Tuesday covers five zero-days with two of them actively exploited (Pieter Arntz, October 10, 2024; posted by MalBot, October 10, 2024, 4:45pm): The Cybersecurity & Infrastructure Security Agency (CISA) has added two of the five zero-day vulnerabilities from Microsoft’s October Patch Tuesday to its catalog of actively exploited vulnerabilities…
-
Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild.
-
Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices
-
(Posted by MalBot, October 9, 2024, 3:15pm) While Microsoft noted Windows systems being targeted with RCE using the flaw, no indicators of compromise or telemetry information regarding the issue have been provided.
-
Qualcomm fixed a zero-day exploited in limited, targeted attacks
-
Security & Privacy Posted on October 4th, 2024 by Joshua Long
-
DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10.
-
Progress Software fixed 2 new critical flaws in WhatsUp Gold
-
ESET fixed two privilege escalation flaws in its products
-
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
-
Recently, two memory-related flaws were discovered in QEMU, a popular open-source machine emulator and virtualizer. The vulnerabilities, identified as CVE-2024-26327 and CVE-2024-26328, affect QEMU versions 7.1.0 through 8.2.1. Both vulnerabilities stem from mishandling of memory operations within the QEMU codebase.
-
Broadcom has released fixes for two vulnerabilities affecting VMware vCenter Server that can be triggered by sending a specially crafted network packet, and could lead to remote code execution (CVE-2024-38812) or privilege escalation (CVE-2024-38813).
-
Broadcom fixed critical VMware vCenter Server flaw CVE-2024-38812