Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. Patching the memory corruption vulnerability in Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit is important for several reasons, as these devices are everywhere. Neglecting…
-
Apple OS Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. Patching the memory corruption vulnerability in Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit is important for several reasons, as these devices are everywhere. Neglecting to…
-
D-LINK Command Injection Vulnerability
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution. Patching the command injection vulnerability in D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L devices is important to avoid severe consequences, including: Prevent Remote Code Execution; Protect Sensitive Data; Ensure System Integrity; Prevent Service…
-
Microsoft SmartScreen Prompt Security Bypass
Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file. Patching the Microsoft SmartScreen Prompt security feature bypass vulnerability is important as it can have severe consequences, including: Prevent…
-
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions. The vulnerability can lead to severe consequences, including: Privilege Escalation; Data Breach Risk; Operational Disruption; Financial Loss; Reputation Damage; Regulatory Compliance; Intellectual Property Theft; Spread of Malware; Compliance and Audit Impact…
-
CrushFTP Unauthorized Access to File System
CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS). The vulnerability can lead to severe consequences, including: Data Security; System Integrity; Unauthorized Access; Service Availability; Privacy Concerns; Trust and Reputation; Financial Impact; Regulatory Compliance. This vulnerability can have serious implications for data security, system…
-
Google Chrome Remote Code Execution
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. The vulnerability can have severe consequences, including: Security Breach Risk; Data Theft; System Compromise; Widespread Impact; User Trust; Regulatory Compliance; Service Disruption. This vulnerability poses a significant risk to data security, system integrity, regulatory…
-
Check Point Quantum Security Gateway Information Disclosure
Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet with IPSec VPN, Remote Access VPN, or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and…
-
Progress Telerik Report Server Security Bypass
Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access. The vulnerability allows an attacker to bypass authorization mechanisms and gain unauthorized access to the system, which can have severe consequences, including: Unauthorized Data Access; Privilege Escalation; Integrity Compromise; Service Disruption; Regulatory Compliance; Trust Erosion. It…
-
Rejetto HTTP File Server Remote Code Execution
Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request. This type of vulnerability, known as command injection or remote code execution, can have severe consequences, including: Unauthorized…