#security-vulnerability

#security-vulnerability

Apple patched a vulnerability allowing unauthorized access to sensitive data by bypassing the TCC framework, potentially compromising user privacy.

Apple has addressed a serious security flaw that was being actively exploited, urging users to update their devices promptly.

A high-severity vulnerability in Meta's Llama framework could allow remote code execution via deserialization of untrusted data.

Ben Sadeghipour discovered a critical security vulnerability in Facebook's ad platform, leading to a $100,000 bounty payment from Meta.

A recently patched command-injection vulnerability in Kubernetes could allow remote code execution on Windows endpoints within a cluster.

A critical vulnerability in Kubernetes Image Builder could lead to root access; it has been fixed in version 0.1.38.

Critical security flaw in Apache Struts 2 allows file upload manipulation, posing severe risks of remote code execution; immediate updates are essential.

A critical 9.9-rated unauthenticated RCE flaw is affecting GNU/Linux systems, with no fix yet despite disclosure to developers three weeks ago.

Palo Alto Networks firewalls were compromised due to two security bugs, allowing attackers to deploy backdoors and malware.

GFI KerioControl firewalls have a vulnerability (CVE-2024-52875) allowing remote code execution due to improper input sanitization, posing significant security risks.

Apache MINA's CVE-2024-52046 vulnerability could lead to remote code execution, necessitating urgent updates and careful configuration to mitigate risks.

Users of older D-Link VPN routers should replace their devices to avoid critical security vulnerabilities.

The vulnerability allows for remote code execution without authentication, raising significant security concerns.

Volkswagen experienced a significant data leak exposing the location and personal information of approximately 800,000 electric vehicle owners.

A software glitch left 800,000 Volkswagen electric car owners in Europe vulnerable to fraud risks due to unprotected GPS and personal data.

The CVE-2024-37085 vulnerability allows attackers to gain full control of an ESXi hypervisor by creating specific AD groups, potentially leading to serious security breaches.

Hapn exposed thousands of customer names due to a website bug, raising significant privacy concerns for users and impacting corporate clients.

The database leak included sensitive details of 8,600 GPS trackers, jeopardizing customer and corporate security.

Thousands of WordPress sites are unpatched against a critical vulnerability in the Hunk Companion plugin, exposing them to serious security risks.

A critical vulnerability in the Hunk Companion WordPress plugin allows attackers to install malicious plugins, which can lead to severe security breaches.

Jetpack plugin fixed a critical vulnerability that could expose user-submitted forms to logged-in users.

Over 101 versions of the Jetpack plugin were updated due to this security flaw.

A high-severity security vulnerability in LiteSpeed Cache allows unauthenticated users to gain admin access, potentially jeopardizing WordPress sites.

A vulnerability in AD/LDAP DelAuth allows username-based authentication exploiting cached keys under certain conditions.

A security vulnerability in Styra's Open Policy Agent could leak NTLM hashes, allowing for credential theft and exploitation.

The flaw is linked to improper input validation leading to unauthorized access.

RADIUS, a crucial network protocol, is newly vulnerable, risking control breaches across various critical infrastructure networks.

A critical flaw in Windows Update allows attackers to rollback security patches, potentially exposing systems to known vulnerabilities. The flaw affects certain Windows 10 versions.

Security vulnerability discovered in TSA's login systems could let unauthorized individuals access flight crew records.

SQL injection tested by researchers confirmed serious flaws in the system allowing administrative access without proper authentication.

YubiKey devices have a vulnerability that allows cloning, discovered in the Infineon cryptographic library, affecting many models and with moderate exploit difficulty.

Enterprises using MOVEit Transfer affected versions should immediately patch the critical vulnerability CVE-2024-5806 to prevent unauthorized access.

Google acted promptly to remove a potentially vulnerable software from Pixel smartphones to prevent hacking risks.

No evidence of exploitation was found, but concerns led to proactive security measures.

Arc browser's 'Boosts' feature allows for website customization but poses security risks due to a vulnerability that can be exploited by attackers.

The Google Cloud Document AI service has a serious vulnerability that remains unaddressed, enabling potential data theft from Cloud Storage.

Mac users with versions before 8.10.36 of 1Password are vulnerable to a bug allowing theft of vault items.

Trytond allows report execution on restricted records, posing a security risk that requires users to upgrade immediately.

Trytond is vulnerable to zip bomb attacks due to the acceptance of compressed content from unauthenticated requests.

YubiKey 5 has a vulnerability that allows cloning if an attacker has temporary physical access.

NinjaLab has revealed a vulnerability in YubiKey 5 Series that enables cloning of the devices, posing risks mainly to sensitive users.

AMD processors have a critical firmware flaw allowing deep memory infection for decades.

Some AMD processors dating back to 2006 have a security vulnerability tracked as CVE-2023-31315, impacting models since 2020 with highly privileged execution environment issues.