Tag: cvss
-
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
by
in SecurityNewsFortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information.The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0.”A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive…
-
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
by
in SecurityNewsThreat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution.The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164,…
-
Hitachi Authentication Bypass Vulnerability Allows Attackers to Hack the System Remotely
by
in SecurityNewsCritical Authentication Bypass Vulnerability Identified in Hitachi Infrastructure Analytics Advisor and Ops Center Analyzer. A severe vulnerability has been discovered in Hitachi’s Infrastructure Analytics Advisor and Ops Center Analyzer, posing a significant security risk to users of these products. The vulnerability, identified as CVE-2024-10205, has a CVSS 3.1 score of 9.4, categorized as >>High.
-
CVSS 10.0 – Alarmstufe Rot für die Cloud Services Application von Ivanti
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/ivanti-cloud-services-sicherheitsupdate-a-af37ebf25237d03e0e394e141d611278/
-
Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads
by
in SecurityNewsHackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source framework for developing Java web applications. The vulnerability, assigned the identifier CVE-2024-53677, has a critical CVSS score of 9.5, indicating its potential for severe impact if left unaddressed. Background on the Vulnerability Apache Struts2 announced the vulnerability last week, highlighting…
-
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
by
in SecurityNewsA security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages.The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting…
-
Maximaler CVSS 10.0 – Sailpoint IdentityIQ enthält hochriskante Schwachstelle
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/-kritische-sicherheitsluecke-sailpoints-identityiq-notfall-fix-a-941c95e1e094d9b26d222f656a449fe3/
-
Security researchers find deep flaws in CVSS vulnerability scoring system
by
in SecurityNewsThe industrywide method for assessing the severity of vulnerabilities in software and hardware needs to be revised because it provides potential misleading severity assessment, delegates at Black Hat Europe were told Thursday.The Common Vulnerability Scoring System (CVSS) makes use of various metrics to quantify vulnerability severity. A presentation at Black Hat by cybersecurity experts from…
-
Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug
The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-hacker-pwns-81k-sophos-devices-with-zero-day-bug
-
OpenWrt Update Flaw Exposed Devices to Malicious Firmware
by
in SecurityNewsEmbedded Device Operating Sytem Had Flaw Allowing Hacers to Bypass Integrity Check. A critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, with a CVSS core of 9.3 and tracked as CVE-2024-54143. First seen on…
-
CVE-2024-11205: WPForms Plugin Vulnerability Exposes 6 Million WordPress Sites to Financial Risk
by
in SecurityNewsA critical vulnerability, identified as CVE-2024-11205, was discovered in the WPForms plugin, a popular WordPress form builder used by over 6 million active websites. This vulnerability, which has been assigned a high CVSS score of 8.5, targets businesses relying on WPForms for payment processing and subscription management, especially those using Stripe integration. First seen on…
-
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console
by
in SecurityNewsVeeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances.The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing.”From the…
-
SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer
by
in SecurityNewsThreat actors are using a well-known modular malware loader, SmokeLoader, to exploit known Microsoft Office vulnerabilities and steal sensitive browser credentials.The loader which runs a framework to deploy multiple malware modules, was observed by Fortinet’s FortiGuard Labs in attacks targeting manufacturing, healthcare, and IT companies in Taiwan.”SmokeLoader, known for its ability to deliver other malicious…
-
CVSS-Wert ist unzureichend – Unternehmen schließen nur selten Sicherheitslücken
by
in SecurityNews
Tags: cvssFirst seen on security-insider.de Jump to article: www.security-insider.de/analyse-schwachstellenmanagement-unternehmen-a-2f1a61b367bfe87694e8805a6e9f678b/
-
JFrog Software Supply Chain Report zeigt, dass viele kritische CVSS-Scores irreführend sind
by
in SecurityNews74 Prozent der Bewertungen von Schwachstellen mit hohen oder kritischen CVSS-Scores sind irreführend trotzdem verbringen 60 Prozent der Sicherheits- … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-software-supply-chain-report-zeigt-dass-viele-kritische-cvss-scores-irrefuehrend-sind/a36964/
-
FYSA Critical RCE Flaw in GNU-Linux Systems
by
in SecurityNewsSummary A severe, unauthenticated remote code execution (RCE) flaw has been discovered in GNU Linux systems. The vulnerability, rated CVSS 9.9, affect… First seen on securityintelligence.com Jump to article: securityintelligence.com/news/fysa-critical-rce-flaw-in-gnu-linux-systems/
-
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
by
in SecurityNewsTwo critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution.The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in…
-
Walking the Walk: How Tenable Embraces Its >>Secure by Design<< Pledge to CISA
by
in SecurityNews
Tags: access, application-security, attack, authentication, best-practice, business, cisa, cloud, conference, container, control, credentials, cve, cvss, cyber, cybersecurity, data, data-breach, defense, exploit, Hardware, identity, infrastructure, injection, Internet, leak, lessons-learned, mfa, open-source, passkey, password, phishing, risk, saas, service, siem, software, sql, strategy, supply-chain, theft, threat, tool, update, vulnerability, vulnerability-managementAs a cybersecurity leader, Tenable was proud to be one of the original signatories of CISA’s “Secure by Design” pledge earlier this year. Our embrace of this pledge underscores our commitment to security-first principles and reaffirms our dedication to shipping robust, secure products that our users can trust. Read on to learn how we’re standing…
-
Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely
by
in SecurityNewsCritical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content management solution. The vulnerability, rated with a CVSS v3.1 Base Score of 9.8 (Critical), could allow attackers to execute arbitrary code on affected servers. This exploit leverages vulnerabilities inherent to the .NET Remoting service used by Enterprise Vault. The Nature…
-
GeoVision 0-Day Vulnerability Exploited in the Wild
by
in SecurityNews
Tags: authentication, cve, cvss, cyber, cybersecurity, exploit, flaw, injection, vulnerability, zero-dayCybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices, which the manufacturer no longer supports. The vulnerability, now designated as CVE-2024-11120, has been assigned a high-severity CVSS score of 9.8 and used by a sophisticated botnet. The security flaw is a pre-authentication command injection vulnerability, which allows attackers to execute arbitrary…
-
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables
by
in SecurityNewsCybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure.The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8.Environment variables are user-defined values that can allow a program First seen on thehackernews.com…
-
Thousands of EOL D-Link Routers Vulnerable to Password Change Attacks
by
in SecurityNewsIn a critical security disclosure, it has been revealed that thousands of end-of-life (EOL) D-Link DSL-6740C routers are vulnerable to password change attacks. The vulnerability tracked as CVE-2024-11068 has been rated as critical by the TWCERT/CC, with an alarming CVSS score of 9.8. The affected routers, no longer supported by D-Link as of January 15, 2024, are…
-
Critical Veeam CVE targeted by new ransomware variant
by
in SecurityNewsMultiple ransomware variants are now targeting the CVE, which has a CVSS of 9.8. For customers, the risk of exploitation is only increasing. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/veeam-cve-exploit-frag-ransomware/732670/
-
Understand CVE vs CVSS for Improved Cybersecurity
by
in SecurityNewsCWEs and CVEs have similarities and differences. Understanding both can help you keep your organization secure. Staying ahead of vulnerabilities is critical for any cybersecurity pro tasked with protecting an organization’s assets and data in a constantly shifting threat landscape. The Common Vulnerabilities and Exposures (CVE) system and the Common Vulnerability Scoring System (CVSS) are……
-
Max-Critical Cisco Bug Enables Command-Injection Attacks
by
in SecurityNewsThough Cisco reports of no known malicious exploitation attempts, but thanks to a CVSS 10 out of 10 security vulnerability (CVE-2024-20418) three of its wireless access points are vulnerable to remote, unauthenticated cyberattacks. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/cisco-bug-command-injection-attacks
-
CVSS 9.8 für ScienceLogic SL1 Day-Schwachstelle in ScienceLogic-Monitoring
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/-rackspace-warnung-sciencelogic-schwachstelle-update-a-f4569fd7f0bd9e251be849563276c808/
-
Cisco scores a perfect CVSS 10 with critical flaw in its wireless system
by
in SecurityNewsUltra-Reliable Wireless Backhaul doesn’t live up to its name First seen on theregister.com Jump to article: www.theregister.com/2024/11/07/cisco_uiws_flaw/