Category: Vulnerability
-
NVIDIA security vulnerability (CVE-2024-0127)
CVE-2024-0127 is a high-severity vulnerability affecting NVIDIA’s vGPU software, specifically in the GPU kernel driver of the vGPU Manager. It affects all supported hypervisors, allowing a user on the guest OS to exploit improper input validation, potentially compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of…
-
NVIDIA security vulnerability (CVE-2024-0126)
CVE-2024-0126 is a high-severity vulnerability affecting NVIDIA GPU Display Drivers for Windows and Linux. It stems from improper input validation (CWE-20) and could allow a privileged attacker to escalate permissions. Exploiting this vulnerability might lead to various outcomes, including arbitrary code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Affected versions…
-
Apple security vulnerability (CVE-2024-44206)
CVE-2024-44206 is a vulnerability in Apple’s WebKit, related specifically to the handling of URL protocols. This issue could potentially allow a bypass of web content restrictions on affected devices, exposing users to restricted content if exploited. Apple addressed this vulnerability by improving the logic for URL handling.This issue is fixed in tvOS 17.6, visionOS 1.3,…
-
Apple macOS, iOS and iPadOS security vulnerability (CVE-2024-44205)
CVE-2024-44205 is a vulnerability affecting Apple’s macOS, iOS and iPadOS operating systems. This issue relates to a privacy flaw where certain sandboxed applications may gain access to sensitive user data within system logs, potentially exposing private information. Apple resolved this vulnerability by enhancing data redaction processes within log entries across affected systems. This issue is…
-
Fortinet FortiManager zero-day vulnerability (CVE-2024-47575)
CVE-2024-47575 is a critical zero-day vulnerability identified in Fortinet’s FortiManager, primarily due to missing authentication checks on a critical function in its fgfmd daemon. Rated with a CVSS score of 9.8, the flaw enables unauthenticated remote attackers to execute arbitrary code or commands on vulnerable devices through specially crafted requests. Fortinet has reported active exploitation…
-
Red Hat Linux security vulnerability (CVE-2024-10041)
CVE-2024-10041 is a vulnerability in the Pluggable Authentication Module (PAM) affecting Linux systems. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This…
-
Security vulnerability fixed in Firefox 131.0.3 (CVE-2024-9936)
CVE-2024-9936 is a vulnerability in Firefox versions prior to 131.0.3. The flaw occurs when manipulating the selection node cache, which can lead to unexpected behavior and potentially an exploitable crash. This issue could be used to cause a denial of service (DoS) attack, making the browser crash and rendering it inaccessible to users. The vulnerability…
-
Mozilla Firefox 131.0.1 security vulnerability (CVE-2024-9680)
CVE-2024-9680 is a critical vulnerability identified as a use-after-free flaw in Mozilla Firefox and Thunderbird. This vulnerability, which has been actively exploited as a zero-day, affects Firefox versions prior to 131.0.2 and Thunderbird versions prior to 131.0.1. The flaw occurs in the browsers’ handling of Animation timelines, allowing attackers to execute arbitrary code by exploiting…
-
Apple iOS 18 and iPadOS 18 security vulnerability (CVE-2024-44204)
CVE-2024-44204 is a vulnerability in Apple’s iOS and iPadOS versions prior to 18.0.1, affecting users’ saved passwords. This vulnerability arises from a logic flaw in VoiceOver, a screen reader feature designed for accessibility, which could potentially allow saved passwords to be read aloud unintentionally. Apple addressed this issue by implementing improved validation checks to restrict…
-
Apple iOS 18 and iPadOS 18 security vulnerability (CVE-2024-44207)
CVE-2024-44207 is a vulnerability in Apple’s iOS and iPadOS systems, impacting versions prior to 18.0.1. This flaw in the Messages app allows audio messages to capture brief audio snippets before the microphone indicator is turned on, potentially exposing sensitive information. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. See more details on: