Category Archives: Advisories

APPLE-SA-05-13-2024-1 Safari 17.5

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-1 Safari 17.5

Safari 17.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214103.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: An attacker with arbitrary read and write capability may be able
to…

Read More

APPLE-SA-05-08-2024-1 iTunes 12.13.2 for Windows

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-08-2024-1 iTunes 12.13.2 for Windows

iTunes 12.13.2 for Windows addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214099.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: Windows 10 and later
Impact: Parsing a file may lead to an unexpected app…

Read More

HNS-2024-07 – HN Security Advisory – Multiple vulnerabilities in RIOT OS

Read Time:22 Second

Posted by Marco Ivaldi on May 14

Hi,

Please find attached a security advisory that describes multiple
vulnerabilities we discovered in RIOT OS.

* Title: Multiple vulnerabilities in RIOT OS
* OS: RIOT <= 2024.01
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2024-05-07
* CVE ID and severity:
* CVE-2024-31225 – High
* CVE-2024-32017 – Critical
* CVE-2024-32018 – High
(low-severity vulnerabilities were not assigned a CVE ID)
* Vendor URL:…

Read More

[KIS-2024-04] Cacti <= 1.2.26 (import.php) Remote Code Execution Vulnerability

Read Time:15 Second

Posted by Egidio Romano on May 14

—————————————————————-
Cacti <= 1.2.26 (import.php) Remote Code Execution Vulnerability
—————————————————————-

[-] Software Link:

https://cacti.net

[-] Affected Versions:

Version 1.2.26 and prior versions.

[-] Vulnerability Description:

The vulnerability is located within the “import_package()” function
defined into the /lib/import.php script….

Read More

Critical Patches Issued for Microsoft Products, May 14, 2024

Read Time:24 Second

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:26 Second

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More