SecurityWeek

Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities

Nvidia, Zoom, and Zyxel have released patches for multiple high-severity vulnerabilities across their products.

Nvidia, Zoom, and Zyxel this week announced fixes for multiple high-severity vulnerabilities in their products, urging users to update devices as soon as possible.

Nvidia released patches for three security defects in Container Toolkit and GPU Operator for Linux, including two high-severity improper isolation bugs that could be exploited using crafted container images.

The first issue, tracked as CVE-2024-0135, could lead to the modification of a host binary, while the second, tracked as CVE-2024-0136, could lead to untrusted code gaining read and write access to host devices.

In both cases, successful exploitation could result in code execution, privilege escalation, denial-of-service (DoS), information disclosure, and data tampering. The second flaw, however, only impacts Container Toolkit deployments that are configured in a nondefault way.

Both vulnerabilities were resolved in Container Toolkit version 1.17.1 and GPU Operator version 24.9.1. These releases also address CVE-2024-0137, a medium-severity improper isolation vulnerability that could lead to untrusted code running in the host’s network namespace.

Zoom rolled out patches for a high-severity type confusion issue in the Workplace app for Linux that could allow authenticated network attackers to escalate privileges. Tracked as CVE-2025-0147, the flaw also impacts Meeting SDK for Linux and Video SDK for Linux.

The company also resolved medium- and low-severity vulnerabilities in the installers for Workplace apps for macOS and Windows, in the Workplace apps for desktop and mobile devices, and in the Jenkins bot plugin.

On Tuesday, Zyxel announced fixes for an improper privilege management flaw in the web interface of 23 access point and router models. The bug is tracked as CVE-2024-12398 (CVSS score of 8.8).

“The improper privilege management vulnerability in the web management interface of certain AP and security router firmware versions could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device,” Zyxel notes.

According to a NIST advisory, the security defect impacts Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2). The company has released patches for 22 access point models and one router model.

Zyxel makes no mention of the vulnerability being exploited in the wild, but threat actors are known to have targeted flaws in Zyxel products.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
