Attackers could leverage the flaw, tracked as CVE-2024-29510, via image and document processors to evade Ghostscript's sandbox, execute shell commands, leak stack-based data, and achieve memory corruption.
Attacks by the threat operation began by targeting already-breached devices before moving on to exploit vulnerable Microsoft Exchange, Atlassian Confluence, and Apache Log4j instances.
Major product lifecycle management software provider PTC has released a fix for a maximum severity vulnerability impacting a license server of its widely used Creo Elements/Direct modeling CAD software, tracked as CVE-2024-6071, reports SecurityWeek.
Most severe of the addressed flaws is a critical bug in GitLab CE/EE versions newer than 15.8, 17.0, and 17.1, tracked as CVE-2024-5655, which could be exploited to trigger the automated execution of a pipeline when a merge request is automatically re-targeted.