Tag: cve
-
Phoenix UEFI vulnerability impacts hundreds of Intel PC models
by
in SecurityNewsA newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/phoenix-uefi-vulnerability-impacts-hundreds-of-intel-pc-models/
-
Kritische Schwachstelle CVE-2024-38428 in wget
by
in SecurityNewsIm Kommandozeilenprogramm wget gibt es eine kritische Schwachstelle, die mit dem CVSS Base Score 10.0 bewertet wird. CERT-Bund warnt vor der Schwachst… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/18/kritische-schwachstelle-cve-2024-38428-in-wget-dringend-handeln/
-
Phoenix SecureCore UEFI Flaw Exposes Intel Processors to ‘UEFIcanhazbufferoverflow'<< Vulnerability
by
in SecurityNewsA newly discovered vulnerability, CVE-2024-0762, dubbed UEFIcanhazbufferoverflow, has recently come to light in the Phoenix SecureCore UEFI firmware, … First seen on thecyberexpress.com Jump to article: thecyberexpress.com/ueficanhazbufferoverflow-vulnerability/
-
CVE-2024-3080: ASUS warns Customers about the latest Authentication Bypass Vulnerability detected Across seven Router Models
by
in SecurityNewsASUS announces major Firmware Update ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different var… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/cve-2024-3080-asus-warns-customers-about-the-latest-authentication-bypass-vulnerability-detected-across-seven-router-models/
-
Broadcom Advises Urgent Patch for Severe VMware vCenter Server Vulnerabilities
by
in SecurityNewstical security vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) found in VMware vCenter Server! Patch immediately to safeguard virtual… First seen on hackread.com Jump to article: hackread.com/broadcom-patch-vmware-vcenter-server-vulnerabilities/
-
Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability
by
in SecurityNewsHundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware…. First seen on securityweek.com Jump to article: www.securityweek.com/hundreds-of-pc-server-models-possibly-affected-by-serious-phoenix-uefi-vulnerability/
-
Critical PHP Flaw CVE-2024-4577 Patched
by
in SecurityNewsA critical remote code execution bug (CVE-2024-4577) in all versions of PHP on Windows has been patched. The bug also affects all Windows versions of … First seen on duo.com Jump to article: duo.com/decipher/critical-php-flaw-cve-2024-4577-patched
-
Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers
by
in SecurityNewsArm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild.Tracked as CVE-2024-4… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/arm-warns-of-actively-exploited-zero.html
-
Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)
by
in SecurityNewsVMware by Broadcom has fixed two critical vulnerabilities (CVE-2024-37079, CVE-2024-37080) affecting VMware vCenter Server and products that contain i… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/18/cve-2024-37079-cve-2024-37080/
-
Outlook-Schwachstelle CVE-2024-30103 ermöglicht Remote-Code-Ausführung; Patch im Juni 2024
by
in SecurityNewsMit den Sicherheitsupdates vom 11. Juni 2024 hat Microsoft auch eine kritische Schwachstelle in Microsoft Outlook geschlossen. Die Schwachstelle CVE-2… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/15/outlook-schwachstelle-cve-2024-30103-ermglicht-remote-code-ausfhrung-patch-im-juni-2024/
-
Exploit Attempts Against Check Point CVE-2024-24919 On the Rise
by
in SecurityNewsFirst seen on duo.com Jump to article: duo.com/decipher/exploit-attempts-against-check-point-cve-2024-24919-on-the-rise
-
0-day Vulnerability In 10,000 Web Apps Exploited Using XSS Payloads
by
in SecurityNewsA significant vulnerability, tracked as CVE-2024-37629, has been discovered in SummerNote 0.8.18. It allows Cross-Site Scripting (XSS) via the Code Vi… First seen on gbhackers.com Jump to article: gbhackers.com/0day-vulnerability-xss-payloads/
-
CVE of the month, CheckPoint Security Gateway exploit CVE-2024-24919
by
in SecurityNewsThis month we dive into CheckPoints CVE-2024-24919 to explain what this vulnerability does and why we have seen it being used in the wild already! The… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/cve-of-the-month-checkpoint-security-gateway-exploit-cve-2024-24919/
-
Exploit for Veeam Recovery Orchestrator auth bypass available, patch now
by
in SecurityNewsA proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been rel… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-for-veeam-recovery-orchestrator-auth-bypass-available-patch-now/
-
Developing a Plan to Respond to Critical CVEs in Open Source Software
by
in SecurityNewsFirst seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/developing-plan-to-respond-to-critical-cves-open-source-software
-
Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation
The zero-day is tagged as CVE-2024-32896 and described as an elevation of privilege issue in Pixel Firmware. The post -day is tagged as CVE-2024-32896… First seen on securityweek.com Jump to article: www.securityweek.com/google-warns-of-pixel-firmware-zero-day-under-limited-targeted-exploitation/
-
Hotel-Check-In-System: Schwachstelle CVE-2024-37364 in Ariane Allegro Scenario Player legt Daten offen
by
in SecurityNewsWieder ein Sicherheitsproblem bei einem Hotel-Check-In-System, bei dem Daten von Hotelgästen offen werden konnten. Es reichte ein falsches Zeichen ein… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/10/hotel-check-in-system-schwachstelle-cve-2024-37364-in-ariane-allegro-scenario-player-legt-daten-offen/
-
Ransomware Group May Have Exploited Windows Vulnerability as Zero-Day
by
in SecurityNewsThe Black Basta ransomware gang may have exploited the Windows privilege escalation flaw CVE-2024-26169 before it was patched. The post k Basta ransom… First seen on securityweek.com Jump to article: www.securityweek.com/ransomware-group-may-have-exploited-windows-vulnerability-as-zero-day/
-
Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. Patch it now!
by
in SecurityNewsA proof-of-concept (PoC) exploit code for a Veeam Backup Enterprise Manager authentication bypass flaw CVE-2024-29849 is publicly available. Researche… First seen on securityaffairs.com Jump to article: securityaffairs.com/164407/hacking/veeam-cve-2024-29849-poc.html
-
Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)
by
in SecurityNewsJune 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw (CVE-2024-30080) and a RCE vulnerability in Microsoft Outlo… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/11/cve-2024-30080-cve-2024-30103/
-
Microsoft Urges Windows Admins to Patch Microsoft Message Queuing RCE Flaw
by
in SecurityNewsMicrosoft has disclosed two Critical remote code execution vulnerabilities in MSMQ (Microsoft Message Queuing) and the Windows Wi-Fi Driver. The CVE f… First seen on gbhackers.com Jump to article: gbhackers.com/microsoft-message-queuing-rce-flaw/
-
CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability
by
in SecurityNewsIntroduction Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an o… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
-
TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers
by
in SecurityNewsThe TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshe… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/tellyouthepass-ransomware-exploits-recent-php-rce-flaw-to-breach-servers/
-
Apple Patches Vision Pro Vulnerability Used in Possibly ‘First Ever Spatial Computing Hack’
by
in SecurityNewsApple has released a visionOS update that patches CVE-2024-27812, which may be the first flaw specific to the VR headset. The post s released a vision… First seen on securityweek.com Jump to article: www.securityweek.com/apple-patches-vision-pro-vulnerability-used-in-first-ever-spatial-computing-hack/
-
Arm Warns of Exploited Kernel Driver Vulnerability
by
in SecurityNewsArm warns that CVE-2024-4610, a Mali GPU kernel driver vulnerability addressed two years ago, is exploited in attacks. The post s that CVE-2024-4610, … First seen on securityweek.com Jump to article: www.securityweek.com/arm-warns-of-exploited-kernel-driver-vulnerability/
-
Exploit for critical Veeam auth bypass available, patch now
by
in SecurityNewsA proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available,… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-for-critical-veeam-auth-bypass-available-patch-now/
-
PHP Patches Critical Remote Code Execution Vulnerability
by
in SecurityNewsPHP has released patches for CVE-2024-4577, a critical vulnerability that could lead to arbitrary code execution on remote servers. The post released … First seen on securityweek.com Jump to article: www.securityweek.com/php-patches-critical-remote-code-execution-vulnerability/
-
CVE-2024-29849: Veeam discloses Critical Vulnerability that allows attackers to bypass user authentication on its Backup Enterprise Manager web interface
by
in SecurityNewsOn May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/cve-2024-29849-veeam-discloses-critical-vulnerability-that-allows-attackers-to-bypass-user-authentication-on-its-backup-enterprise-manager-web-interface/
-
Chinese threat actor exploits old ThinkPHP flaws since October 2023
Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researche… First seen on securityaffairs.com Jump to article: securityaffairs.com/164239/hacking/hackers-exploits-old-thinkphp-flaws.html
-
Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells
by
in SecurityNewsChinese threat actors are targeting ThinkPHP applications vulnerable to CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama…. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-2018-thinkphp-flaws-to-install-dama-web-shells/