Google’s December Android update addresses 107 security flaws, including two Framework vulnerabilities already exploited in targeted scenarios. The release also patches a critical DoS issue and multiple vendor-specific components across major chipsets.

How should mobile ecosystems improve patch adoption across fragmented devices?
Follow us for more neutral, technical cybersecurity updates.

Source: https://thehackernews.com/2025/12/google-patches-107-android-flaws.html

#infosec #androidsecurity #zeroday #vulnresearch #mobilesecurity #threatintel #googlepatch #securitybulletin #technadu

Jose J. Fernández

Microsoft Recall can capture passwords and credit cards: https://www.theregister.com/2025/08/01/microsoft_recall_captures_credit_card_info/ #ai #Microsoft #infosec

Todon.eu

89 Million Account Details Leaked on Dark Web

Some 89 million accounts from Steam may have been leaked online on the black markets.

The Express Page

Security Bulletin: Atlassian June 2024

Date: June 18, 2024
CVE: CVE-2024-22257
Vulnerability Type: Improper Authorization
CWE: CWE-284, CWE-918, CWE-400
Sources: Atlassian Documentation, NVD

Synopsis

Atlassian has released a security bulletin addressing multiple high-severity vulnerabilities in its products. These vulnerabilities, discovered through the company's Bug Bounty program and third-party scans, have been fixed in recent versions.

Issue Summary

Nine high-severity vulnerabilities affecting various Atlassian products were disclosed. These vulnerabilities include issues such as improper authorization and server-side request forgery (SSRF) in dependencies like org.springframework.security:spring-security-core and org.springframework:spring-web. Confluence, Jira, and Fisheye/Crucible are among the affected products.

Technical Key Findings

The vulnerabilities primarily involve improper authorization and SSRF, which allow attackers to exploit insufficient validation of user inputs. For instance, CVE-2024-22257 involves improper authorization due to flaws in the org.springframework.security:spring-security-core dependency, potentially leading to unauthorized access.

Vulnerable Products

  • Confluence Data Center and Server: Versions 8.9.0 to 8.9.2, 8.8.0 to 8.8.1, 8.7.1 to 8.7.2, among others.
  • Fisheye/Crucible: Versions 4.8.10 to 4.8.14.
  • Jira Data Center and Server: Versions 9.12.0 to 9.12.7 (LTS), 9.4.0 to 9.4.20 (LTS).
  • Jira Service Management: Versions 5.15.2, 5.12.0 to 5.12.7 (LTS).

Impact Assessment

Exploiting these vulnerabilities could lead to unauthorized access, denial of service (DoS), or information disclosure, significantly impacting the confidentiality, integrity, and availability of the affected systems.

Patches or Workaround

Patches have been released for the affected products. Users are advised to update to the latest versions or apply the recommended fixed versions listed in the bulletin. No temporary mitigations are provided; hence, immediate patching is crucial.

Tags

#Atlassian #CVE-2024-22257 #ImproperAuthorization #SSRF #DoS #Confluence #Jira #SecurityBulletin #Vulnerability

Security Bulletin - June 18 2024 | Atlassian Support | Atlassian Documentation

Attackers are exploiting a critical #XSS #vulnerability (CVE-2023-34192) in #Zimbra.

Our latest #securitybulletin proposes mitigation measures to address the flaw: https://bit.ly/47bK2s6

#crosssitescripting #owasptop10 #owasp #zeroday #zerodayvulnerability #xssvulnerability #waap #DAST #waf #virtualpatching #apptrana #indusface

Understanding the Zimbra XSS Vulnerability | Indusface Blog

The Zimbra XSS vulnerability allows an attacker to impact the confidentiality and integrity of the user's data. Understand how to find & fix this flaw.

Indusface

The fixes are already out there, so please patch those drivers!

NVIDIA puts out Security Bulletin for various driver issues | GamingOnLinux https://www.gamingonlinux.com/2022/12/nvidia-puts-out-security-bulletin-for-various-driver-issues/

#NVIDIA #GPU #Drivers #SecurityBulletin #InfoSec

NVIDIA today put out an official Security Bulletin, noting multiple flaws found in their Windows and Linux drivers.

GamingOnLinux

Two Critical Android Bugs Open Door to RCE - Google and Qualcomm both addressed significant vulnerabilities in their June updates. more: https://threatpost.com/two-critical-android-bugs-rce/156216/ #remotecodeexecution #securitybulletin #vulnerabilities #mobilesecurity #mobilephones #june2020 #qualcomm #android #patches #updates #google #rce