Tag: cvss
-
Critical Vulnerability in Kubernetes Image Builder Exposes Nodes to Root Access
A new security risk has emerged in the Kubernetes Image Builder, posing a critical threat to organizations that use this tool to manage their containerized environments. The Kubernetes Image Builder vulnerability, tracked as CVE-2024-9486, has been assigned a CVSS score of 9.8, indicating its severity. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/kubernetes-image-builder-vulnerability/
-
CVSS 9.8 for SAP BusinessObjects BI – Why you should install SAP's October update as soon as possible
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecken-sap-business-objects-bi-a-a78a921f070e867a281fcdb41b9f8a0d/
-
The Sky is Falling! (Again)
We’ve been here before, haven’t we? Every other week, a new vulnerability with a sky-high CVSS score causes a frenzy. This time, it’s a 9.9 CVSS vulnerability that was billed as a gift to hackers: a remote exploit that would supposedly render all Linux systems defenseless. The announcement of the vulnerability came with the…
-
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. “An issue was discovered in GitLab EE…
-
Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks
A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks. With a CVSS base score of 9.8, the flaw is identified as a use-after-free in the Animation timeline component, tracked as CVE-2024-9680 and reported by Damien Schaeffer from ESET. “An attacker was able to achieve code execution in the…
-
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems
Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. “A vulnerability in the Nortek Linear…
-
19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks CVE-2024-45519
A critical vulnerability in Zimbra’s postjournal service, identified as CVE-2024-45519, has left over 19,600 public Zimbra installations exposed to remote code execution attacks. This vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations, posing a significant threat to the security and integrity of these systems. Scans…
-
Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug
Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months. The flaw is an Improper Restriction…
-
Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems
A critical vulnerability has been discovered in Cisco’s Nexus Dashboard Fabric Controller (NDFC), potentially allowing hackers to execute arbitrary commands on affected systems. This flaw, identified as CVE-2024-20432, was first published on October 2, 2024. Its CVSS score of 9.9 indicates its severe impact. Vulnerability Details: The vulnerability resides in the Cisco NDFC’s REST API…
-
Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch
Tags: cisa, cve, cvss, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, update, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical…
-
JFrog investigates CUPS vulnerabilities: increased risk for Unix-based legacy systems
Despite initial assessments that classified some of the vulnerabilities as critical, further analysis led to a revision of the severity ratings. Red Hat, for example, downgraded the CVSS score for CVE-2024-47177 from 9.9 to 6.1 and conceded First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-untersucht-cups-schwachstellen-erhoehtes-risiko-bei-unix-basierten-legacy-systemen/a38503/
-
DrayTek fixed critical flaws in over 700,000 exposed routers
DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/draytek-fixed-critical-flaws-in-over-700-000-exposed-routers/
-
Critical Nvidia Security Flaw Exposes Cloud AI Systems to Host Takeover
Nvidia confirms risk of code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVSS 9/10. First seen on securityweek.com Jump to article: www.securityweek.com/critical-nvidia-container-flaw-exposes-cloud-ai-systems-to-host-takeover/
-
Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers
A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has…
-
Critical Nvidia Container Flaw Exposes Cloud AI Systems to Host Takeover
Nvidia confirms risk of code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVSS 9/10. First seen on securityweek.com Jump to article: www.securityweek.com/critical-nvidia-container-flaw-exposes-cloud-ai-systems-to-host-takeover/
-
Critical vulnerability – CVSS 10: Serious security hole in GitLab server
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-gitlab-aktualisierung-empfohlen-a-8b5682238205777cca84488338d6b379/
-
Rockwell Automation PLC Software Contains RCE Flaw
Attackers Could Shut Down Operations Or Cause Physical Damage. A severe vulnerability in Rockwell Automation software used to configure programmable logic controllers could allow attackers to remotely execute malicious code. The vulnerability is rated 8.8 on the CVSS v4 scale. The U.S. Cybersecurity and Infrastructure Security Agency advised immediate patching. First seen on govinfosecurity.com Jump…
-
Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk
Tags: cve, cvss, exploit, flaw, framework, iot, remote-code-execution, risk, software, vulnerability
A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0. It has been described as a stack-based overflow vulnerability in ASF’s implementation of the tinydhcp…
-
CVE-2024-20439 and CVE-2024-20440 – CVSS 9.8 vulnerability in the Cisco Smart Licensing Utility
First seen on security-insider.de Jump to article: www.security-insider.de/cisco-sicherheitswarnung-kritische-schwachstellen-smart-licensing-utility-a-0940d0adb0d80e8b71058a45a7f8b73d/
-
CISA Releases Six Advisories for Industrial Control Systems
Tags: automation, cisa, control, cve, cvss, cyber, cybersecurity, data, infrastructure, software, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued six advisories concerning vulnerabilities. These advisories highlight critical industrial control system vulnerabilities. Rockwell Automation’s RSLogix 5 and RSLogix 500 software are vulnerable due to insufficient verification of data authenticity, identified as CVE-2024-7847. This vulnerability has a CVSS v4…
-
Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks
Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild. The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was “incidentally addressed” by the company as part of CSA 4.6 Patch 519 and…
-
GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by…
-
CVSS 9.9 and 9.1 – Critical vulnerabilities in Kibana enable malware attacks
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecken-in-kibana-updates-verfuegbar-a-8bffa8d000328fd2825053e9435fe78e/
-
VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10. First seen on securityweek.com Jump to article: www.securityweek.com/vmware-patches-remote-code-execution-flaw-found-in-chinese-hacking-contest/
-
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution. The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of…
-
JFrog Software Supply Chain Report shows that many critical CVSS scores are misleading
74 percent of the assessments of vulnerabilities with high or critical CVSS scores are misleading; nevertheless, 60 percent of security … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-software-supply-chain-report-zeigt-dass-viele-kritische-cvss-scores-irrefuehrend-sind/a36964/
-
Windows MSHTML Zero-Day Vulnerability Exploited In The Wild
Adobe released eight security updates in September 2024, addressing 28 vulnerabilities in various products, as ColdFusion received a critical patch to mitigate a code execution flaw rated at CVSS 9.8. Other critical vulnerabilities were found in Photoshop, Illustrator, Premiere Pro, After Effects, Audition, and Media Encoder. Adobe prioritizes these updates for deployment due to their…
-
Critical vulnerability CVE-2024-40766 – CVSS 9.3: SonicWall firewalls at risk
First seen on security-insider.de Jump to article: www.security-insider.de/sonicwall-firewalls-angriffe-schutzmassnahmen-cve-2024-40766-a-fb6be1e1993f9f52f8ca402442ac8faf/
-
Siemens Industrial Edge Management Vulnerable to Authorization Bypass Attacks
Siemens ProductCERT has disclosed a critical vulnerability in its Industrial Edge Management systems. The vulnerability, identified as CVE-2024-45032, poses a significant risk by allowing unauthenticated remote attackers to impersonate other devices within the system. This flaw has been rated with a maximum CVSS score of 10.0, indicating its severe potential impact. CVE Details: The vulnerability…