Tag: cve
-
Attackers exploit second Ivanti Cloud Service Appliance flaw for more access
Hackers are exploiting the vulnerability in tandem with a previously disclosed CVE, to bypass authentication measures and take control of an affected … First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ivanti-critical-cves-exploits/727632/
-
Security warning for Progress Kemp LoadMaster: 2024-7591 endangers networks with LoadMaster
First seen on security-insider.de Jump to article: www.security-insider.de/progress-kemp-updates-loadmaster-multi-tenant-hypervisor-a-5dd89039eeb16bd1df5fcf0df70f6f6d/
-
CVE-2023-49559 threatens web applications: denial-of-service attack through vulnerability in gqlparser
First seen on security-insider.de Jump to article: www.security-insider.de/dos-schwachstelle-gqlparser-bibliothek-cve-2023-49559-update-a-822db54d9d5eddd444d8ea9856443ecd/
-
CVE-2024-20439 and CVE-2024-20440: CVSS 9.8 vulnerability in Cisco Smart Licensing Utility
First seen on security-insider.de Jump to article: www.security-insider.de/cisco-sicherheitswarnung-kritische-schwachstellen-smart-licensing-utility-a-0940d0adb0d80e8b71058a45a7f8b73d/
-
Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard fo… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/19/cve-2024-45488/
-
Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited. The … First seen on securityweek.com Jump to article: www.securityweek.com/ivanti-warns-of-second-csa-vulnerability-exploited-in-attacks/
-
Oracle Vulnerabilities From ‘Miracle Exploit’ Targeted in Attacks
CISA is warning organizations that two Oracle vulnerabilities tracked as CVE-2022-21445 and CVE-2020-14644 are being exploited in the wild. The post … First seen on securityweek.com Jump to article: www.securityweek.com/cisa-oracle-vulnerabilities-from-miracle-exploit-targeted-in-attacks/
-
PoC Exploit Released for CVE-2024-7965 Zero-Day Chrome Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical zero-day vulnerability identified as CVE-2024-7965, affecting Google’s Chrome browse… First seen on gbhackers.com Jump to article: gbhackers.com/poc-exploit-released-zero-day/
-
Broadcom fixed Critical VMware vCenter Server flaw CVE-2024-38812
Broadcom addressed a critical vulnerability in the VMware vCenter Server that could allow remote attackers to achieve code execution. Broadcom release… First seen on securityaffairs.com Jump to article: securityaffairs.com/168536/security/vmware-vcenter-server-cve-2024-38812.html
-
CVE-2024-38856 and CVE-2024-45195 Apache OFBiz Security Vulnerabilities August 2024
Critical Security Vulnerabilities (CVE-2024-38856 and CVE-2024-45195) in Apache OFBiz Expose Enterprise Systems to Potential Data Breaches and Disrupt… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-38856-and-cve-2024-45195-apache-ofbiz-security-vulnerabilities-august-2024/
-
Microsoft Windows Kernel Vulnerability Exploited in the Wild
Microsoft has confirmed the exploitation of a Windows Kernel vulnerability, identified as CVE-2024-37985, in the wild. This vulnerability, first relea… First seen on gbhackers.com Jump to article: gbhackers.com/microsoft-windows-kernel-vulnerability/
-
LibreOffice Repair Mode Vulnerability Let Attackers Mark the Document as Not Valid
LibreOffice users are urged to update their software after disclosing a critical vulnerability, CVE-2024-7788, which affects the document repair mode…. First seen on gbhackers.com Jump to article: gbhackers.com/libreoffice-repair-mode-vulnerability/
-
PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)
CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the at… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/17/cve-2024-8190/
-
Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024
Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461, was actively exploited as a zero-day before July 2024. Microsoft warn… First seen on securityaffairs.com Jump to article: securityaffairs.com/168467/hacking/windows-cve-2024-43461-actively-exploited-before-july-2024.html
-
Exploit code released for critical Ivanti RCE flaw, patch now
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-code-released-for-critical-ivanti-rce-flaw-patch-now/
-
SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager
SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. SolarWinds released security… First seen on securityaffairs.com Jump to article: securityaffairs.com/168456/security/solarwinds-fixed-rce-cve-2024-28991.html
-
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML, a software component used by various apps for rendering web pages on Windows … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/16/cve-2024-43461-exploited/
-
Windows vulnerability abused braille spaces in zero-day attacks
A recently fixed Windows MSHTML spoofing vulnerability tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-vulnerability-abused-braille-spaces-in-zero-day-attacks/
-
How to manage the rising tide of CVEs
First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cyber-security-vulnerability-management-CVE/726710/
-
Critical vulnerability CVE-2024-40766: CVSS 9.3, SonicWall firewalls at risk
First seen on security-insider.de Jump to article: www.security-insider.de/sonicwall-firewalls-angriffe-schutzmassnahmen-cve-2024-40766-a-fb6be1e1993f9f52f8ca402442ac8faf/
-
Ivanti Cloud Service Appliance flaw is being actively exploited in the wild
Ivanti warned that recently patched flaw CVE-2024-8190 in Cloud Service Appliance (CSA) is being actively exploited in the wild. Ivanti warned that a … First seen on securityaffairs.com Jump to article: securityaffairs.com/168388/hacking/ivanti-csa-cve-2024-8190.html
-
CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability
On September 10, 2024, Ivanti released a security advisory for a command injection vulnerability for its Cloud Service Appliance (CSA) product. Initi… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-8190-investigating-cisa-kev-ivanti-cloud-service-appliance-command-injection-vulnerability/
-
Ivanti CSA Vulnerability Exploited in Attacks Days After Disclosure
The Ivanti Cloud Service Appliance vulnerability CVE-2024-8190 has been exploited in the wild, with attacks starting just days after disclosure. The p… First seen on securityweek.com Jump to article: www.securityweek.com/ivanti-csa-vulnerability-exploited-in-attacks-days-after-disclosure/
-
SonicWall firewall CVE exploits linked to ransomware attacks
First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/sonicwall-firewall-exploits/726579/
-
CVE-2024-28986 SolarWinds Web Help Desk Security Vulnerability August 2024
A critical vulnerability (CVE-2024-28986) in SolarWinds Web Help Desk puts systems at risk of exploitation, requiring immediate attention. Affected Pl… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-28986-solarwinds-web-help-desk-security-vulnerability-august-2024/
-
Hackers Exploiting Apache OFBiz RCE Vulnerability in the Wild
A critical vulnerability in the Apache OFBiz framework has been actively exploited by hackers. The flaw designated CVE-2024-45195, allows for unauthen… First seen on gbhackers.com Jump to article: gbhackers.com/apache-ofbiz-rce-vulnerability/
-
Beware Of Weaponized Excel Document That Delivers Fileless Remcos RAT
A recent advanced malware campaign leverages a phishing attack to deliver a seemingly benign Excel file that exploits CVE-2017-0199. By exploiting thi… First seen on gbhackers.com Jump to article: gbhackers.com/weaponized-excel-fileless-remcos-rat/
-
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
Introduction Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an o… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/
-
Feds warn of broad Russia-linked CVE exploits targeting critical infrastructure
Attackers operating under the direction of Russia’s military intelligence service are targeting governments, finance, transportation, energy and healt… First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/russia-targets-global-critical-infrastructure/726327/

