Tag: cve
-
Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018
The vulnerability, tagged as CVE-2024-41110 with a CVSS severity score of 10/10, was originally found and fixed in 2018. The post Docker Patches Criti… First seen on securityweek.com Jump to article: www.securityweek.com/docker-patches-critical-authz-plugin-bypass-vulnerability-dating-back-to-2018/
-
Critical Microsoft Zero-Day Vulnerability Exploited in the Wild for Over a Year
A severe zero-day vulnerability in Microsoft Windows, tracked as CVE-2024-38112, has been actively exploited by threat actors for at least 18 months. … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/critical-microsoft-zero-day-vulnerability-exploited-in-the-wild-for-over-a-year/
-
SolarWinds Serv-U vulnerability under attack
The Centre for Cybersecurity Belgium observed exploitation against CVE-2024-28995, a high-severity vulnerability in SolarWinds’ Serv-U file transfer p… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366589400/SolarWinds-Serv-U-vulnerability-under-attack
-
Organizations Warned of Exploited Twilio Authy Vulnerability
CISA warns of the in-the-wild exploitation of CVE-2024-39891, a Twilio Authy bug leading to the disclosure of phone number data. The post Organization… First seen on securityweek.com Jump to article: www.securityweek.com/organizations-warned-of-exploited-twilio-authy-vulnerability/
-
Windows Patch Day Follow-Up: MSHTML 0-Day Vulnerability CVE-2024-38112 Exploited by Malware
One more small addendum to Microsoft's July 2024 Patch Day. With the security updates, an MSHTML spoofing vulnerability was also… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/07/18/windows-patchday-nachlese-mshtml-0-day-schwachstelle-cve-2024-38112-durch-malware-ausgenutzt/
-
SonicOS IPSec VPN Vulnerability Let Attackers Cause DoS Condition
SonicWall has disclosed a critical heap-based buffer overflow vulnerability in its SonicOS IPSec VPN. This flaw, identified as CVE-2024-40764, can pot… First seen on gbhackers.com Jump to article: gbhackers.com/sonicos-ipsec-vpn-vulnerability/
-
Critical Bazaar Vulnerability CVE-2024-40348: Directory Traversal Flaw Threatens System Integrity
A critical security flaw, CVE-2024-40348, has emerged in Bazaar v1.4.3, posing substantial risks due to its potential for directory traversal by unaut… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2024-40348-vulnerability-in-bazaar-v1-4-3/
-
Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419)
Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/18/cve-2024-20401-cve-2024-20419/
-
Hackers are actively exploiting PHP RCE vulnerability (CVE-2024-4577)
A critical vulnerability in PHP, designated CVE-2024-4577, has become a prime target for cybercriminals within a day of its public disclosure in June … First seen on securityonline.info Jump to article: securityonline.info/hackers-are-actively-exploiting-php-rce-vulnerability-cve-2024-4577/
-
Void Banshee exploits CVE-2024-38112 zero-day to spread malware
Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void … First seen on securityaffairs.com Jump to article: securityaffairs.com/165832/apt/void-banshee-cve-2024-38112-zero-day-attacks.html
-
New OpenSSH CVE-2024-6409 Flaw Emerges
A week after the disclosure of the regreSSHion CVE-2024-6387 flaw in OpenSSH, researchers have found a related flaw (CVE-2024-6409) in some recent ver… First seen on duo.com Jump to article: duo.com/decipher/new-openssh-cve-2024-6409-flaw-emerges
-
Void Banshee APT exploited "lingering Windows relic" in zero-day attacks
The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/16/cve-2024-38112-void-banshee/
-
Ransomware groups target Veeam Backup Replication bug
Multiple ransomware groups were spotted exploiting a vulnerability, tracked as CVE-2023-27532, in Veeam Backup & Replication. The vulnerability CV… First seen on securityaffairs.com Jump to article: securityaffairs.com/165753/malware/ransomware-groups-target-veeam-backup-replication-bug.html
-
New Vulnerability CVE-2024-6409 – Yet Another Flaw Found in OpenSSH!
First seen on security-insider.de Jump to article: www.security-insider.de/neue-sicherheitsluecken-openssh-cve-2024-6409-cve-2024-6387-a-d440c27ea09facb360e465932b6160b4/
-
Apache HugeGraph Vulnerability Exploited in Wild
A recently patched Apache HugeGraph-Server vulnerability tracked as CVE-2024-27348 is being targeted in attacks. The post Apache HugeGraph Vulnerabili… First seen on securityweek.com Jump to article: www.securityweek.com/apache-hugegraph-vulnerability-exploited-in-wild/
-
Oracle Patches 240 Vulnerabilities With July 2024 CPU
Oracle releases 386 new security patches to resolve roughly 240 unique CVEs as part of its July 2024 Critical Patch Update. The post Oracle Patches 24… First seen on securityweek.com Jump to article: www.securityweek.com/oracle-patches-240-vulnerabilities-with-july-2024-cpu/
-
Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code
A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as CVE-2024-6744. This flaw assigned a CVSS score of 9… First seen on gbhackers.com Jump to article: gbhackers.com/cellopoint-secure-email-gateway-flaw/
-
Act Now: Critical Apache HugeGraph Vulnerability Under Attack
A critical security vulnerability, CVE-2024-27348, has been identified in Apache HugeGraph-Server, posing a severe risk to organizations relying on th… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/hugegraph-vulnerability-cve-2024-27348/
-
APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer
The Void Banshee APT exploited the CVE-2024-38112 Windows zero-day to infect systems with the Atlantida stealer. The post APT Exploits Windows Zero-Da… First seen on securityweek.com Jump to article: www.securityweek.com/apt-exploits-windows-zero-day-to-execute-code-via-disabled-internet-explorer/
-
Patch Tuesday: The Impact of the Windows Hyper-V Vulnerability Is Enormous
Saeed Abbasi, Product Manager, Vulnerability Research, Qualys Threat Research Unit (TRU), on Patch Tuesday: ‘The impact of CVE-2024-38080, a… First seen on netzpalaver.de Jump to article: netzpalaver.de/2024/07/10/patch-tuesday-die-auswirkungen-der-schwachstelle-in-windows-hyper-v-sind-enorm/
-
Hackers Exploit Ancient Vulnerability to Bypass Security Measures
Although the vulnerability CVE-2015-2291 in Intel drivers has been known for years, hackers still exploit it to this day so that networks can be comp… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/hacker-nutzen-uralte-sicherheitslucke-um-sicherheitsvorkehrungen-auszuhebeln
-
Microsoft Says Windows Not Impacted by regreSSHion as Second OpenSSH Bug Is Found
A second remote code execution vulnerability, tracked as CVE-2024-6409, was found in OpenSSH during an analysis of the regreSSHion flaw. The post Micr… First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-says-windows-not-impacted-by-regresshion-as-second-openssh-bug-is-found/
-
How CVE-2022-24785 MomentJS Path Traversal Works: Detailed Exploit Guide
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36079/How-CVE-2022-24785-MomentJS-Path-Traversal-Works-Detailed-Exploit-Guide.html
-
Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware
Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The Akamai Security Intellig… First seen on securityaffairs.com Jump to article: securityaffairs.com/165586/hacking/php-flaw-cve-2024-4577-actively-exploited.html
-
VMware fixed critical SQL-Injection in Aria Automation product
VMware addressed a critical SQL-Injection vulnerability, tracked as CVE-2024-22280, impacting Aria Automation. Virtualization giant VMware addressed a… First seen on securityaffairs.com Jump to article: securityaffairs.com/165560/security/vmware-aria-automation-critical-sql-injection.html
-
A new flaw in OpenSSH can lead to remote code execution
A vulnerability affects some versions of the OpenSSH secure networking suite, it can potentially lead to remote code execution. The vulnerability CVE-… First seen on securityaffairs.com Jump to article: securityaffairs.com/165535/hacking/openssh-flaw-cve-2024-6409.html
-
Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)
CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by at… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/10/cve-2024-38112-cve-2024-38021/
-
Passwort Episode 5: Common Vulnerabilities and Exposures
In the heise security podcast, the hosts discuss the CVE numbering system: how does it work, where does it get stuck, and why does Linux want to… First seen on heise.de Jump to article: www.heise.de/news/Passwort-Folge-5-Common-Vulnerabilities-and-Exposures-9777933.html
-
Ghostscript Rendering Platform Vulnerability Let Attackers Execute Remote Code
A critical vulnerability has been discovered in the Ghostscript rendering platform, identified as CVE-2024-29510. This flaw, a format string vulnerabi… First seen on gbhackers.com Jump to article: gbhackers.com/ghostscript-rendering-vulnerability/
-
Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)
For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080,… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/09/microsoft-fixes-two-zero-days-exploited-by-attackers-cve-2024-38080-cve-2024-38112/