Featured Story
GitHub Fixes Maximum Severity Flaw in Enterprise Server
GitHub has patched a critical authentication bypass (CVE-2024-4985) in GitHub Enterprise Server (GHES) that carries the maximum CVSS score of 10.0. On an instance that uses SAML single sign-on with the optional encrypted assertions feature enabled, an attacker could forge a SAML response to provision, or take over, an account with site administrator privileges, gaining access without any valid credentials. The flaw is present in all GHES versions prior to 3.13.0 and is fixed in 3.9.15, 3.10.12, 3.11.10 and 3.12.4. Encrypted assertions are off by default, so instances using SAML without them (or another authentication method) are not exposed; instances on branches that are out of support (3.8 and older) have no fix available and need to be upgraded to a supported branch.
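A triage helper for this advisory, as an added example that is not GitHub's code: it encodes the fixed releases listed above and the two configuration preconditions (SAML SSO and encrypted assertions). The version string is whatever the instance reports, for example the `installed_version` field of the REST API's `/api/v3/meta` response; the two boolean flags are assumed to be read by the operator from the Management Console's authentication settings, since the script does not fetch them.

```python
"""Triage helper for CVE-2024-4985 (GHES SAML authentication bypass).

Added example, not GitHub's code. Facts used: the flaw is present in
GHES < 3.13.0 and fixed in 3.9.15, 3.10.12, 3.11.10 and 3.12.4; it is
only reachable when SAML SSO is enabled AND the optional "encrypted
assertions" setting is on. The operator supplies those two flags.
"""
from __future__ import annotations

from dataclasses import dataclass

# First fixed release on each supported branch (from GitHub's advisory).
FIXED_RELEASES = {
    (3, 9): (3, 9, 15),
    (3, 10): (3, 10, 12),
    (3, 11): (3, 11, 10),
    (3, 12): (3, 12, 4),
}
# 3.13.0 and later never contained the vulnerable code.
FIRST_UNAFFECTED_BRANCH = (3, 13)


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse '3.12.3' (optionally prefixed with 'v') into a comparable tuple."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GHES version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def needs_patch(version: str) -> bool:
    """True if this GHES release still contains the vulnerable code."""
    major, minor, patch = parse_version(version)
    if (major, minor) >= FIRST_UNAFFECTED_BRANCH:
        return False
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        # Branch older than 3.9: out of support, no fix was published,
        # so treat it as vulnerable and requiring a branch upgrade.
        return True
    return (major, minor, patch) < fixed


@dataclass(frozen=True)
class Assessment:
    needs_patch: bool   # vulnerable code is present in this release
    exploitable: bool   # ...and the SAML + encrypted-assertions precondition holds
    note: str


def assess(version: str, saml_sso: bool, encrypted_assertions: bool) -> Assessment:
    """Combine the release state with the two configuration preconditions.

    saml_sso / encrypted_assertions: values the operator reads from the
    Management Console (assumption: not fetched here).
    """
    unpatched = needs_patch(version)
    reachable = saml_sso and encrypted_assertions
    if not unpatched:
        note = "patched release; no action needed for CVE-2024-4985"
    elif reachable:
        note = "EXPOSED: upgrade now, or disable encrypted assertions until you can"
    else:
        note = "unpatched, but precondition not met; upgrade on the normal schedule"
    return Assessment(unpatched, unpatched and reachable, note)


if __name__ == "__main__":
    # Constructed sample input: a 3.12 instance one patch behind, SAML with
    # encrypted assertions turned on.
    print(assess("3.12.3", saml_sso=True, encrypted_assertions=True))
```

Note that "not exploitable" is not "not vulnerable": an instance that later turns on encrypted assertions becomes exposed without any other change, so the patch state should drive the upgrade decision and the precondition only the urgency.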
Other Stories
New Google Chrome Zero-Day in Less Than a Week. Update Your Browser Now!
Google has shipped its second emergency Chrome update in four days for a zero-day being exploited in the wild. On 9 May it fixed CVE-2024-4671, a use-after-free in the Visuals component (the browser's rendering code), and on 13 May it followed with CVE-2024-4761, an out-of-bounds write in the V8 JavaScript engine. Google confirms that exploits for both exist in the wild but, as usual, has withheld technical details while the fixes roll out; neither advisory claims a sandbox escape on its own, though memory-corruption bugs of this kind are the normal first stage of a full exploit chain. The fixed stable builds are:
- CVE-2024-4671: Chrome 124.0.6367.201/.202 (Windows, macOS), 124.0.6367.201 (Linux)
- CVE-2024-4761: Chrome 124.0.6367.207/.208 (Windows, macOS), 124.0.6367.207 (Linux)
Browsers remain among the most heavily targeted pieces of software. Chrome downloads updates automatically, but the patched build only runs after a relaunch, so check chrome://settings/help and restart the browser rather than assuming auto-update has done the job.
Critical SQL Injection Flaws Impact Ivanti Endpoint Manager (EPM)
Ivanti has released fixes for ten vulnerabilities in Endpoint Manager (EPM) affecting version 2022 SU5 and earlier. Six are SQL injection flaws rated CVSS 9.6 that let an unauthenticated attacker on the same network execute arbitrary code on the EPM core server; the remaining four are also SQL injections but require authentication (CVSS 8.4). Ivanti reports no known exploitation at the time of release. Because the critical set needs only network reachability, confirm the core server is not exposed beyond the management network segment while patches are rolled out.
WARNING: A Critical Vulnerability Affects Fluent Bit
Fluent Bit, widely used in Kubernetes environments, is affected by a memory corruption flaw (CVE-2024-4323) in its monitoring API. The vulnerability has a 9.8 CVSS score and could lead to RCE, DoS, or data leaks through specially crafted HTTP requests.