Security News
Ai researchers have released proof-of-concept exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE-2024-23108 and CVE-2024-23109 are OS command injection vulnerabilities in the FortiSIEM supervisor and can be exploited remotely, without authentication, with specially crafted API requests.
For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability with an in-the-wild exploit. As per usual, Google keeps technical details of the vulnerability under wraps.
A critical, 10-out-of-10 vulnerability allowing unrestricted access to vulnerable GitHub Enterprise Server instances has been fixed by Microsoft-owned GitHub. There is a catch that may narrow down the pool of potential victims: instances are vulnerable to attack only if they use SAML single sign-on authentication AND have the encrypted assertions feature enabled.
Veeam has patched four vulnerabilities in Backup Enterprise Manager, one of which may allow attackers to bypass authentication and log in to its web interface as any user. Veeam Backup Enterprise Manager is an application that is used to manage the Veeam Backup & Replication solution - a backup/restore app for virtual and physical machines and cloud-based workloads - via a web console.
Researchers have found 15 vulnerabilities in QNAP's network attached storage devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability that may be leveraged for remote code execution. "Given the shared-access model of the NAS device, which permits sharing files with specific users, both authenticated and unauthenticated bugs were of interest to us," they said.
Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of...
All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into...
Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, have been released by the vulnerability’s reporter. About...
A new report from XM Cyber has found, among other insights, a dramatic gap between where most organizations focus their security efforts and where the most serious threats actually reside. The...
New versions of Git are out, with fixes for five vulnerabilities, the most critical of which can be used by attackers to remotely execute code during a "Clone" operation. CVE-2024-32002 is a critical vulnerability that allows specially crafted Git repositories with submodules to trick Git into writing files into a .git/ directory instead of the submodule's worktree.