Tag: cvss
-
Critical Veeam CVE actively exploited in ransomware attacks
by
in SecurityNewsMultiple ransomware groups targeted the vulnerability, which has a CVSS score of 9.8, more than a month after it was disclosed and patched by the data… First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/veeam-critical-cve-exploits-ransomware/730570/
-
CVSS 9.8 für SAP BusinessObjects BI – Deshalb sollten Sie das Oktober-Update von SAP schnellstmöglich installieren
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecken-sap-business-objects-bi-a-a78a921f070e867a281fcdb41b9f8a0d/
-
The Sky is Falling! (Again)
by
in SecurityNewsWe’ve been here before, haven’t we? Every other week, a new vulnerability with a sky-high CVSS score causes a frenzy. This time, it’s a 9.9 CVSS vulne… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/the-sky-is-falling-again/
-
EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?
by
in SecurityNewsMany businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these score… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/epss-vs-cvss-whats-best-approach-to.html
-
Kritische Schwachstelle – CVSS 10 Gravierende Sicherheitslücke in GitLab-Server
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-gitlab-aktualisierung-empfohlen-a-8b5682238205777cca84488338d6b379/
-
Critical Nvidia Security Flaw Exposes Cloud AI Systems to Host Takeover
Nvidia confirms risk of code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVSS 9/10. The post C… First seen on securityweek.com Jump to article: www.securityweek.com/critical-nvidia-container-flaw-exposes-cloud-ai-systems-to-host-takeover/
-
Critical Nvidia Container Flaw Exposes Cloud AI Systems to Host Takeover
Nvidia confirms risk of code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVSS 9/10. The post C… First seen on securityweek.com Jump to article: www.securityweek.com/critical-nvidia-container-flaw-exposes-cloud-ai-systems-to-host-takeover/
-
CVE-2024-20439 und CVE-2024-20440 – CVSS 9.8 Schwachstelle im Cisco Smart Licensing Utility
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/cisco-sicherheitswarnung-kritische-schwachstellen-smart-licensing-utility-a-0940d0adb0d80e8b71058a45a7f8b73d/
-
CVSS 9.9 und 9.1 – Kritische Schwachstellen in Kibana ermöglichen Malware-Angriffe
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecken-in-kibana-updates-verfuegbar-a-8bffa8d000328fd2825053e9435fe78e/
-
VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
by
in SecurityNewsVMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10. The post … First seen on securityweek.com Jump to article: www.securityweek.com/vmware-patches-remote-code-execution-flaw-found-in-chinese-hacking-contest/
-
Kritische Schwachstelle CVE-2024-40766 – CVSS 9.3 Firewalls von Sonicwall in Gefahr
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/sonicwall-firewalls-angriffe-schutzmassnahmen-cve-2024-40766-a-fb6be1e1993f9f52f8ca402442ac8faf/
-
Microsoft Patchday September 2024 – CVSS 9.8 Ungewöhnlich viele Schwachstellen unter Angriff
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/microsoft-patchday-september-2024-sicherheitsluecken-geschlossen-a-a8e6fbdd0a08424d9e5649faad84faee/
-
Kritische Sicherheitslücken – CVSS 10 und CVSS 9.8 in Windows und WordPress
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecken-wordpress-windows-a-ac1646154eca9f5f51ca7cbafa79e43e/
-
China-Nexus Group Velvet Ant Exploits Cisco Zero-Day (CVE-2024-20399)
by
in SecurityNewsAt the beginning of 2024, the Chinese group Velvet Ant exploited a patched zero-day vulnerability (CVE-2024-20399, CVSS 6.7) in Cisco switches to gain… First seen on securityonline.info Jump to article: securityonline.info/china-nexus-group-velvet-ant-exploits-cisco-zero-day-cve-2024-20399/
-
Schwachstellen in AIX mit CVSS von 8.8 – Angreifer können Malware in AIX ausführen
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/ibm-aix-sicherheitsupdates-cve-2023-45803-cve-2024-6345-a-bd357378173eebe713e26a72754d0509/
-
Beyond CVSS: Advanced Vulnerability Prioritization Strategies for Modern Threats
by
in SecurityNewsThe sheer volume of vulnerabilities discovered each year, combined with limited time and resources, demands a more sophisticated strategy for prioriti… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/beyond-cvss-advanced-vulnerability-prioritization-strategies-for-modern-threats/
-
Malware-Gefahr für Kibana – CVSS-9.9-Schwachstelle in Kibana
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/kritische-schwachstelle-kibana-sicherheitsupdates-a-fd1bb969e3e4d815126aba466c5dab87/
-
Critical Apache OfBiz Vulnerability Allows Preauth RCE
by
in SecurityNewsThe enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide a… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/critical-apache-ofbiz-vulnerability-allows-preauth-rce
-
Sicherheitslücken in Telerik Report Server – CVSS 9.9: Telerik Report Server anfällig für Malware
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-cve-2024-6327-progress-telerik-report-server-a-369ea31e83ec49df65d6a168a59551ae/
-
Angreifer können Cisco SEG übernehmen – CVSS 9.8 Sicherheitslücke in Cisco Secure Email Gateway
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/cisco-secure-email-gateway-schwachstelle-update-a-99be56431542b3cafb1e82ba6df075b4/
-
Cisco schließt kritische Sicherheitslücke in SSM On-Prem – CVSS-10-Schwachstelle in Cisco Smart Software Manager
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-cisco-smart-software-manager-on-prem-a-f3dc3073995eec63a2fae505e0ed2ca5/
-
Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018
by
in SecurityNewsThe vulnerability, tagged as CVE-2024-41110 with a CVSS severity score of 10/10, was originally found and fixed in 2018. The post Docker Patches Criti… First seen on securityweek.com Jump to article: www.securityweek.com/docker-patches-critical-authz-plugin-bypass-vulnerability-dating-back-to-2018/
-
Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code
by
in SecurityNewsA critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as CVE-2024-6744. This flaw assigned a CVSS score of 9… First seen on gbhackers.com Jump to article: gbhackers.com/cellopoint-secure-email-gateway-flaw/
-
Kritische Sicherheitslücke in Juniper Session Smart Routern – CVSS 10 Schwachstelle in Juniper-Routern
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/updates-juniper-sicherheitsluecken-session-smart-router-a-c8a92a27eeee3031e6a83d69aee86420/
-
CVSS Score: A Comprehensive Guide to Vulnerability Scoring
by
in SecurityNewsSecurity professionals constantly battle to identify and patch vulnerabilities before attackers exploit them. But how do we measure the severity of th… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/cvss-score-a-comprehensive-guide-to-vulnerability-scoring/
-
Patched: RCE Flaw That Affects Critical Manufacturing
by
in SecurityNewsHackers Have Not Yet Exploited the CVSS 10-Rated Flaw, Says PTC. Software maker for critical manufacturing organizations PTC patched a critical flaw t… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/patched-rce-flaw-that-affects-critical-manufacturing-a-25699
-
CVSS 10: Lücke in KI-Framework PyTorch gefährdet Netzwerke – ML-Framework PyTorch ermöglicht Cyberattacken
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/kritische-luecke-pytorch-sicherheitstipps-updates-a-b036731dce3c4657d3070df45865f02e/
-
Kritische Schwachstelle CVE-2024-38428 in wget
by
in SecurityNewsIm Kommandozeilenprogramm wget gibt es eine kritische Schwachstelle, die mit dem CVSS Base Score 10.0 bewertet wird. CERT-Bund warnt vor der Schwachst… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/18/kritische-schwachstelle-cve-2024-38428-in-wget-dringend-handeln/
-
Schwachstelle in IBM App Connect Enterprise Certified Container – CVSS 9.8 IBM schließt kritische Sicherheitslücke
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/ibm-app-connect-enterprise-certified-container-schwachstelle-cve-2024-29651-a-b0ea419abca0ffae816e963d608a9298/
-
UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware
by
in SecurityNewsSummary Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7…. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/