Tag: cve
-
New Threats in Cybersecurity: September 2024 CVE Roundup
by
in SecurityNewsKeep Your Organization Safe with Up-to-Date CVE Information The National Institute of Standards and Technology (NIST) continues to identify critical … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/new-threats-in-cybersecurity-september-2024-cve-roundup/
-
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
by
in SecurityNewsDetails about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could b… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/25/cve-2024-28987-poc/
-
Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
by
in SecurityNewsCVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by atta… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/25/cve-2024-7593-exploited/
-
Researcher Details Cisco Smart Licensing that Lets Attacker Control Device
by
in SecurityNewsCisco disclosed a critical vulnerability identified as CVE-2024-20439, affecting its Smart Licensing Utility. An independent researcher discovered thi… First seen on gbhackers.com Jump to article: gbhackers.com/cisco-smart-licensing/
-
FreeBSD RCE Vulnerability Let Attackers Execute Malicious Code
by
in SecurityNewsFreeBSD has disclosed a critical remote code execution (RCE) vulnerability affecting its bhyve hypervisor. This vulnerability, CVE-2024-41721, could a… First seen on gbhackers.com Jump to article: gbhackers.com/freebsd-rce-vulnerability/
-
CVE-2024-45195 – Kritische Schwachstelle in Apache OFBiz erlaubt Code-Ausführung
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/ofbiz-updates-sicherheitsluecken-schliessen-a-f0c2bba805a440d188cad18437132f49/
-
Third Recent Ivanti Vulnerability Exploited in the Wild
by
in SecurityNewsCVE-2024-7593 is the third Ivanti product vulnerability patched in recent months that has been exploited in the wild. The post Third Recent Ivanti Vul… First seen on securityweek.com Jump to article: www.securityweek.com/third-recent-ivanti-product-vulnerability-exploited-in-the-wild/
-
CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive
by
in SecurityNewsOn August 13, 2024, SolarWinds released a security advisory for Web Help Desk (WHD) that detailed a deserialization remote code execution vulnerabilit… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/
-
Attackers exploit second Ivanti Cloud Service Appliance flaw for more access
by
in SecurityNewsHackers are exploiting the vulnerability in tandem with a previously disclosed CVE, to bypass authentication measures and take control of an affected … First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ivanti-critical-cves-exploits/727632/
-
Sicherheitswarnung für Progress Kemp LoadMaster 2024-7591 gefährdet Netzwerke mit LoadMaster
by
in SecurityNews
Tags: cveFirst seen on security-insider.de Jump to article: www.security-insider.de/progress-kemp-updates-loadmaster-multi-tenant-hypervisor-a-5dd89039eeb16bd1df5fcf0df70f6f6d/
-
CVE-2023-49559 bedroht Webanwendungen – Denial-ofAngriff durch Schwachstelle in gqlparser
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/dos-schwachstelle-gqlparser-bibliothek-cve-2023-49559-update-a-822db54d9d5eddd444d8ea9856443ecd/
-
CVE-2024-20439 und CVE-2024-20440 – CVSS 9.8 Schwachstelle im Cisco Smart Licensing Utility
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/cisco-sicherheitswarnung-kritische-schwachstellen-smart-licensing-utility-a-0940d0adb0d80e8b71058a45a7f8b73d/
-
Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
by
in SecurityNewsResearchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard fo… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/19/cve-2024-45488/
-
Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
by
in SecurityNewsIn addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited. The … First seen on securityweek.com Jump to article: www.securityweek.com/ivanti-warns-of-second-csa-vulnerability-exploited-in-attacks/
-
Hackers exploit CVE in older versions of Ivanti Cloud Service Appliance
First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/hackers-exploit-ivanti-cloud-service-appliance/727088/
-
Oracle Vulnerabilities From ‘Miracle Exploit’ Targeted in Attacks
by
in SecurityNewsCISA is warning organizations that two Oracle vulnerabilities tracked as CVE-2022-21445 and CVE-2020-14644 are being exploited in the wild. The post … First seen on securityweek.com Jump to article: www.securityweek.com/cisa-oracle-vulnerabilities-from-miracle-exploit-targeted-in-attacks/
-
PoC Exploit Released for CVE-2024-7965 Zero-Day Chrome Vulnerability
by
in SecurityNewsA proof-of-concept (PoC) exploit has been released for a critical zero-day vulnerability identified as CVE-2024-7965, affecting Google’s Chrome browse… First seen on gbhackers.com Jump to article: gbhackers.com/poc-exploit-released-zero-day/
-
Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812
by
in SecurityNewsBroadcom addressed a critical vulnerability in the VMware vCenter Server that could allow remote attackers to achieve code execution. Broadcom release… First seen on securityaffairs.com Jump to article: securityaffairs.com/168536/security/vmware-vcenter-server-cve-2024-38812.html
-
CVE-2024-38856 and CVE-2024-45195 Apache OFBiz Security Vulnerabilities August 2024
by
in SecurityNewsCritical Security Vulnerabilities (CVE-2024-38856 and CVE-2024-45195) in Apache OFBiz Expose Enterprise Systems to Potential Data Breaches and Disrupt… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-38856-and-cve-2024-45195-apache-ofbiz-security-vulnerabilities-august-2024/
-
Microsoft Windows Kernel Vulnerability Exploited in the Wild
by
in SecurityNewsMicrosoft has confirmed the exploitation of a Windows Kernel vulnerability, identified as CVE-2024-37985, in the wild. This vulnerability, first relea… First seen on gbhackers.com Jump to article: gbhackers.com/microsoft-windows-kernel-vulnerability/
-
LibreOffice Repair Mode Vulnerability Let Attackers Mark the Document as Not Valid
by
in SecurityNewsLibreOffice users are urged to update their software after disclosing a critical vulnerability, CVE-2024-7788, which affects the document repair mode…. First seen on gbhackers.com Jump to article: gbhackers.com/libreoffice-repair-mode-vulnerability/
-
PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)
by
in SecurityNewsCVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the at… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/17/cve-2024-8190/
-
Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024
Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461, was actively exploited as a zero-day before July 2024. Microsoft warn… First seen on securityaffairs.com Jump to article: securityaffairs.com/168467/hacking/windows-cve-2024-43461-actively-exploited-before-july-2024.html
-
Exploit code released for critical Ivanti RCE flaw, patch now
by
in SecurityNewsA proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-code-released-for-critical-ivanti-rce-flaw-patch-now/
-
SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager
by
in SecurityNewsSolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. SolarWinds released security… First seen on securityaffairs.com Jump to article: securityaffairs.com/168456/security/solarwinds-fixed-rce-cve-2024-28991.html
-
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
by
in SecurityNewsCVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML a software component used by various apps for rendering render web pages on Windows … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/16/cve-2024-43461-exploited/
-
Windows vulnerability abused braille spaces in zero-day attacks
by
in SecurityNewsA recently fixed Windows MSHTML spoofing vulnerability tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-vulnerability-abused-braille-spaces-in-zero-day-attacks/
-
How to manage the rising tide of CVEs
by
in SecurityNews
Tags: cveFirst seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cyber-security-vulnerability-management-CVE/726710/
-
Kritische Schwachstelle CVE-2024-40766 – CVSS 9.3 Firewalls von Sonicwall in Gefahr
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/sonicwall-firewalls-angriffe-schutzmassnahmen-cve-2024-40766-a-fb6be1e1993f9f52f8ca402442ac8faf/
-
Ivanti Cloud Service Appliance flaw is being actively exploited in the wild
Ivanti warned that recently patched flaw CVE-2024-8190 in Cloud Service Appliance (CSA) is being actively exploited in the wild. Ivanti warned that a … First seen on securityaffairs.com Jump to article: securityaffairs.com/168388/hacking/ivanti-csa-cve-2024-8190.html