Tag: cvss

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Jun 14, 2024 12:24 PM

by

Andy Stern

in SecurityNews

Tags: cvss, flaw, windows

Microsofthas discloseda critical vulnerabilityidentified asCVE-2024-30088. With a CVSS score of 8.8, this flaw affects Microsoft Windows and allows lo… First seen on gbhackers.com Jump to article: gbhackers.com/microsoft-windows-ntqueryinformationtoken/
Patch Tuesday: Remote Code Execution Flaw in Microsoft Message Queuing

Jun 12, 2024 7:24 PM

by

Andy Stern

in SecurityNews

Tags: cvss, exploit, flaw, malicious, microsoft, remote-code-execution, update, vulnerability, windows

The Windows vulnerability carries a CVSS severity score of 9.8/10 and can be exploited by via specially crafted malicious MSMQ packets. The post ows v… First seen on securityweek.com Jump to article: www.securityweek.com/patch-tuesday-remote-code-execution-flaw-in-microsoft-message-queuing/
Github Enterprise Server: Sicherheitslücke verleiht Angreifern Admin-Zugriff

Jun 1, 2024 2:05 PM

by

Andy Stern

in SecurityNews

Tags: access, bug, cvss, github, vulnerability

Die Schwachstelle betrifft alle GHES-Versionen vor 3.13.0 und erreicht den größtmöglichen CVSS-Score von 10. Gefährdet sind Instanzen mit SAML-SSO-Aut… First seen on golem.de Jump to article: www.golem.de/news/github-enterprise-server-sicherheitsluecke-verleiht-angreifern-admin-zugriff-2405-185314.html
Critical Netflix Genie Bug Opens Big Data Orchestration to RCE

May 30, 2024 3:04 PM

by

Andy Stern

in SecurityNews

Tags: cvss, data, open-source, rce, remote-code-execution, vulnerability

The severe security vulnerability (CVE-2024-4701, CVSS 9.9) gives remote attackers a way to burrow into Netflix’s Genie open source platform, which is… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/netflix-fixes-critical-vulnerability-on-big-data-orchestration-service
GitHub Issues Patch for Critical Exploit in Enterprise Server

May 24, 2024 1:20 PM

by

Andy Stern

in SecurityNews

Tags: cvss, exploit, github, update, vulnerability

The vulnerability affects all GHES versions prior to 3.13.0 and achieves the highest possible CVSS score of 10. Instances with SAML SSO authentication… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/github-issues-patch-for-critical-exploit-in-enterprise-server/
Intel’s Max Severity Flaw Affects AI Model Compressor Users

May 20, 2024 11:46 PM

by

Andy Stern

in SecurityNews

Tags: ai, cvss, flaw, hacker, intelligence

CVSS 10-Rated Bug Could Enable Hackers to Execute Arbitrary Code on Systems. A maximum-severity bug in Intel’s artificial intelligence model compressi… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/intels-max-severity-flaw-affects-ai-model-compressor-users-a-25275
BSI warnt vor Angriffen auf Palo-Alto-Firewalls: CVSS 10.0 – Kritische Schwachstellen in Firewalls ermöglichen Root-Zugriff

Apr 24, 2024 1:38 AM

by

Andy Stern

in SecurityNews

Tags: access, bsi, cvss, firewall, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/bsi-warnt-vor-sicherheitsluecken-in-palo-alto-networks-firewalls-a-b9781c3b9b0e301d5f75ae896154fae9/
China Steals Defense Secrets ‘on Industrial Scale’

Mar 26, 2024 8:37 AM

by

Andy Stern

in SecurityNews

Tags: china, cvss, defense, exploit, threat, vulnerability

UNC5174¯â¤¯UNC302: CVSS 10 and 9.8 vulnerabilities exploited by Chinese threat actor for People’s Republic. The post €¯â¤¯UNC302: CVSS 10 and 9.8 vu… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/03/china-steals-secrets-f5-connectwise-richixbw/
CVSS 4.0 Offers Significantly More Patching Context

Mar 4, 2024 11:42 AM

by

Andy Stern

in SecurityNews

Tags: cvss, update

First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/mileage-orgs-will-get-from-cvss-4-0-will-vary
Ransomware Warning as CVSS 10.0 ScreenConnect Bug is Exploited

Feb 24, 2024 12:39 PM

by

Andy Stern

in SecurityNews

Tags: cvss, exploit, ransomware

First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-cvss-100-screenconnect/
CVE Prioritizer: Open-source tool to prioritize vulnerability patching

Feb 19, 2024 7:19 AM

by

Andy Stern

in SecurityNews

Tags: cve, cvss, data, open-source, tool, update, vulnerability

CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CIS… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/02/19/cve-prioritizer-open-source-vulnerability-patching/
1000+ JetBrains TeamCity Instances Vulnerable to RCE Bypass Attacks

Feb 16, 2024 1:19 PM

by

Andy Stern

in SecurityNews

Tags: attack, cve, cvss, rce, remote-code-execution, vulnerability

A critical security vulnerability was detected in TeamCity On-Premises, tagged as CVE-2024-23917, with a CVSS score of 9.8. An unauthenticated attacke… First seen on gbhackers.com Jump to article: gbhackers.com/1000-jetbrains-teamcity-instances/
Schwachstellenbewertung – Was Sie unbedingt über CVSS wissen sollten!

Feb 15, 2024 1:19 PM

by

Andy Stern

in SecurityNews

Tags: cvss

First seen on security-insider.de Jump to article: www.security-insider.de/was-sie-unbedingt-ueber-cvss-wissen-sollten-a-786c1ca5b92cca49f39f442977a8883c/
TeamCity Authentication Bypass Flaw Let Attackers Gain Admin Control

Feb 12, 2024 5:34 AM

by

Andy Stern

in SecurityNews

Tags: authentication, control, cve, cvss, flaw

A critical security vulnerability was detected in TeamCity On-Premises, tagged as CVE-2024-23917, with a CVSS score of 9.8. An unauthenticated attacke… First seen on gbhackers.com Jump to article: gbhackers.com/teamcity-authentication-bypass-flaw/
Docker, Kubernetes und co.: Hacker können aus Containern auf Hostsysteme zugreifen

Feb 12, 2024 1:47 AM

by

Andy Stern

in SecurityNews

Tags: cvss, docker, hacker, kubernetes, tool, vulnerability

Die Schwachstellen dafür beziehen sich auf Buildkit und das CLI-Tool runc. Eine davon erreicht mit einem CVSS von 10 den maximal möglichen Schweregrad… First seen on golem.de Jump to article: www.golem.de/news/docker-kubernetes-und-co-hacker-koennen-aus-containern-auf-hostsysteme-zugreifen-2402-181875.html
Deutlich mehr Schwachstellen im Internet of Things (IoT)

Feb 12, 2024 1:47 AM

by

Andy Stern

in SecurityNews

Tags: cvss, Internet, vulnerability

Insgesamt wurden im ersten Halbjahr 2022 747 XIoT-Schwachstellen veröffentlicht, von denen die Mehrheit gemäß dem CVSS-Score als kritisch (19 %) oder … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/deutlich-mehr-schwachstellen-im-internet-of-things-iot/a33053/
Mediaalert Qualys: CISA veröffentlicht Sicherheitshinweis mit dem Schweregrad CVSS 10.0

Feb 12, 2024 1:47 AM

by

Andy Stern

in SecurityNews

Tags: cisa, cvss, vulnerability

Diese Schwachstelle ist auf dem höchsten Schweregrad für CVSS, 10.0, eingestuft, da sie sich auf Installationen auswirken könnte. Die Schwachstelle is… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/mediaalert-qualys-cisa-veroeffentlicht-sicherheitshinweis-mit-dem-schweregrad-cvss-10-0/a34131/
Twin Max-Severity Bugs Open Fortinet’s SIEM to Code Execution

Feb 10, 2024 1:42 PM

by

Andy Stern

in SecurityNews

Tags: cvss, cybersecurity, flaw, fortinet, siem, vulnerability

Full 10s on the CVSS vulnerability severity scale have been assigned to two flaws discovered in Fortinet’s FortiSIEM cybersecurity operations platform… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/fortinet-fortisiem-hit-with-twin-max-severity-bugs