Tag: cve
-
Ghostscript Rendering Platform Vulnerability Let Attackers Execute Remote Code
A critical vulnerability has been discovered in the Ghostscript rendering platform, identified as CVE-2024-29510. This flaw, a format string vulnerabi… First seen on gbhackers.com Jump to article: gbhackers.com/ghostscript-rendering-vulnerability/
-
Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)
For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080,… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/09/microsoft-fixes-two-zero-days-exploited-by-attackers-cve-2024-38080-cve-2024-38112/
-
Critical Ghostscript flaw exploited in the wild. Patch it now!
Threat actors are exploiting Ghostscript vulnerability CVE-2024-29510 to bypass the sandbox and achieve remote code execution. Threat actors are activ… First seen on securityaffairs.com Jump to article: securityaffairs.com/165449/hacking/ghostscript-vulnerability-cve-2024-29510.html
-
Apache fixed a source code disclosure flaw in Apache HTTP Server
The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Fo… First seen on securityaffairs.com Jump to article: securityaffairs.com/165422/security/apache-source-code-disclosure-flaw-apache-http-server.html
-
MSI Center: Vulnerability CVE-2024-37726 Enables SYSTEM Privileges
Another short note for Windows users who have the MSI Center from Micro-Star International installed on their system. There is a Local Priv… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/07/06/msi-center-schwachstelle-cve-2024-37726-ermglicht-system-privilegien/
-
Check Point discovers vulnerability tied to VPN attacks
While Check Point identified CVE-2024-24919 as the root cause behind recent attack attempts on its VPN products, it’s unclear if threat actors gained … First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366586616/Check-Point-discovers-vulnerability-tied-to-VPN-attacks
-
99% of IoT exploitation attempts rely on previously known CVEs
The explosion of Internet of Things (IoT) devices has brought about a wide range of security and privacy challenges, according to Bitdefender and NETG… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/05/iot-security-privacy-challenges/
-
RegreSSHion Vulnerability CVE-2024-6387: Millions of Linux Systems Are Vulnerable via OpenSSH
First seen on security-insider.de Jump to article: www.security-insider.de/qualys-entdeckt-sicherheitsluecke-in-openssh-a-cf3ed0e947247c683611f2c3891b7713/
-
CVE-2024-6387: New OpenSSH RegreSSHion Vulnerability Gives Hackers Root Access on Linux Servers 700,000+ Linux Boxes Potentially at Risk
Labeled as CVE-2024-6387, the recently discovered vulnerability in OpenSSH has become a serious cause for concern among Linux servers. OpenSSH is a co… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/cve-2024-6387-new-openssh-regresshion-vulnerability-gives-hackers-root-access-on-linux-servers-700000-linux-boxes-potentially-at-risk/
-
regreSSHion: Critical OpenSSH Server Vulnerability CVE-2024-6387
A critical vulnerability, CVE-2024-6387, has been disclosed in the OpenSSH server. The vulnerability, dubbed regreSSHion, enables a Remo… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/07/02/regresshion-kritische-openssh-server-schwachstelle-cve-2024-6387/
-
regreSSHion OpenSSH Flaw: Potential Exploitation Attempts Seen, but Mass Attacks Unlikely
The critical OpenSSH vulnerability tracked as regreSSHion and CVE-2024-6387 may already be targeted by attackers, but mass exploitation is unlikely. T… First seen on securityweek.com Jump to article: www.securityweek.com/regresshion-openssh-flaw-potential-exploitation-attempts-seen-but-mass-attacks-unlikely/
-
CVE of the month, the supply chain attack hidden for 10 years CVE-2024-38368
For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or s… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/cve-of-the-month-the-supply-chain-attack-hidden-for-10-years-cve-2024-38368/
-
RegreSSHion CVE-2024-6387: A Targeted Exploit in the Wild
A critical security flaw, known as regression and cataloged under CVE-2024-6387, has been identified in OpenSSH, just a few days ago. This vulnerabili… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/regresshion-cve-2024-6387-a-targeted-exploit-in-the-wild/
-
Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769
Experts spotted threat actors exploiting the critical vulnerability CVE-2024-0769, which affects all D-Link DIR-859 WiFi routers. Researchers from cybersecur… First seen on securityaffairs.com Jump to article: securityaffairs.com/165045/hacking/d-link-dir-859-actively-exploited.html
-
Water Sigbin Exploiting Oracle WebLogic Server Flaw
Water Sigbin (8220 Gang) exploits vulnerabilities (CVE-2017-3506, CVE-2023-21839) in Oracle WebLogic servers to deliver cryptocurrency miners using Po… First seen on gbhackers.com Jump to article: gbhackers.com/water-sigbin-exploiting-oracle/
-
Dev rejects CVE severity, makes his GitHub repo read-only
The popular open source project, ‘ip’ had its GitHub repository archived, or made read-only by its developer as a result of a dubious CVE report filed… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/
-
A Playbook for Detecting the OpenSSH Vulnerability CVE-2024-6387 regreSSHion
The Qualys Threat Research Unit has discovered a new high severity signal handler race condition vulnerability in OpenSSH’s server software (sshd). Ac… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/a-playbook-for-detecting-the-openssh-vulnerability-cve-2024-6387-regresshion/
-
Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack
Millions of OpenSSH servers could be vulnerable to unauthenticated remote code execution due to a vulnerability tracked as regreSSHion and CVE-2024-63… First seen on securityweek.com Jump to article: www.securityweek.com/millions-of-openssh-servers-potentially-vulnerable-to-remote-regresshion-attack/
-
Juniper Networks Issues Critical Patch for Router Vulnerability, CVE-2024-2973
Juniper Networks has urgently released security updates to address a critical vulnerability affecting some of its routers, identified as CVE-2024-2973… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/juniper-networks-router-vulnerability/
-
Microsoft Active Directory Netlogon Elevation of Privilege CVE-2020-1472
Summary: On August 11th, 2020 Microsoft publicly disclosed the existence of a critical severity Elevation of Privilege (EOP) vulnerability that impact… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2020/08/12/microsoft-active-directory-netlogon-elevation-of-privilege-cve-2020-1472/
-
Progress MOVEit Transfer: Attacks on Vulnerability CVE-2024-5806
The vulnerability CVE-2024-5806 in the Progress MOVEit Transfer software recently became known. Shortly after this information was published… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/26/progress-moveit-transfer-angriffe-auf-schwachstelle-cve-2024-5806/
-
Critical Vulnerability in MOVEit Transfer Let Hackers Gain Files Access
A critical security vulnerability, CVE-2024-5806, has been identified in MOVEit Transfer, a widely used managed file transfer software. The vulnerabil… First seen on gbhackers.com Jump to article: gbhackers.com/authentication-bypass-vulnerability-in-moveit-transfer/
-
Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)
Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file tra… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/25/cve-2024-5805-cve-2024-5806/
-
Exploitation Attempts Target New MOVEit Transfer Vulnerability
Exploitation attempts targeting CVE-2024-5806, a critical MOVEit Transfer vulnerability patched recently, have started. The post tion attempts targeti… First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-attempts-target-new-moveit-transfer-vulnerability/
-
Mailcow Patches Critical XSS and File Overwrite Flaws Update NOW
Mailcow email servers faced critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) allowing potential remote code execution. Update to Mailcow 2024… First seen on hackread.com Jump to article: hackread.com/mailcow-patches-critical-xss-file-overwrite-flaws/
-
CosmicSting: Vulnerability CVE-2024-34102 Endangers Adobe Commerce and Magento Shops
A small addendum from last week. It has been known since the middle of the month that in Adobe Commerce and Magento online shops the vulnerability CVE-2024-341… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/24/cosmicsting-schwachstelle-cve-2024-34102-gefhrdet-adobe-commerce-und-magento-shops/
-
Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995
Threat actors are actively exploiting a recently discovered vulnerability in SolarWinds Serv-U software using publicly available proof-of-concept (PoC… First seen on securityaffairs.com Jump to article: securityaffairs.com/164806/hacking/solarwinds-serv-u-cve-2024-28995-exploit.html
-
PrestaShop Website Under Injection Attack Via Facebook Module
A critical vulnerability has been discovered in the >>Facebook
-
Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code
Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to execute arbitrary code o… First seen on gbhackers.com Jump to article: gbhackers.com/mailcow-mail-server-remote-code-execution/