Tag: cve
-
Warnung vor Microsoft Office Spoofing-Schwachstelle CVE-2024-38200
Microsoft hat zum 8. August 2024 (mit Update vom 10. August 2024) eine Warnung von einer ungepatchten Spoofing-Schwachstelle CVE-2024-38200 veröffentl… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/08/12/warnung-vor-microsoft-office-spoofing-schwachstelle-cve-2024-38200/
-
CVE-2024-38063: An In-Depth Look at the Critical Remote Code Execution Vulnerability
In a recent security advisory, Microsoft disclosed a high-severity vulnerability identified as CVE-2024-38063. This critical Remote Code Execution (RC… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/cve-2024-38063-an-in-depth-look-at-the-critical-remote-code-execution-vulnerability/
-
A Deep Dive Into CVE-2023-2163: How Google Found And Fixed An eBPF Linux Kernel Vulnerability
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36196/A-Deep-Dive-Into-CVE-2023-2163-How-Google-Found-And-Fixed-An-eBPF-Linux-Kernel-Vulnerability.html
-
PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions
A critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to execute arbitrary SQL functions. This vu… First seen on gbhackers.com Jump to article: gbhackers.com/postgresql-vulnerability-hackers-execute-arbitrary-sql-functions/
-
Hackers Exploiting WinRAR Flaw To Attacks Windows Linux(ESXi) Machines
Head Mare, a hacktivist group targeting Russia and Belarus, leverages phishing campaigns distributing WinRAR archives to exploit CVE-2023-38831 for in… First seen on gbhackers.com Jump to article: gbhackers.com/hackers-exploiting-winrar-flaw-2/
-
Windows Server durch PoC-Exploit für CVE-2024-38077 gefährdet
Nochmals ein Nachgang zum Juli 2024-Patchday, bei dem Microsoft die Schwachstelle CVE-2024-38077 in Windows Server geschlossen hat. Es handelt sich um… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/08/09/windows-server-durch-poc-exploit-fr-cve-2024-38077-gefhrdet/
-
Rockwell PLC Security Bypass Threatens Manufacturing Processes
A security vulnerability in Rockwell Automation’s ControlLogix 1756 programmable logic controllers, tracked as CVE-2024-6242, could allow tampering wi… First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/rockwell-plc-security-bypass-threatens-manufacturing-processes
-
Critical OpenSSH Vulnerability in FreeBSD Allows Remote Root Access
A newly discovered OpenSSH vulnerability in FreeBSD systems has been reported. This critical flaw, identified as CVE-2024-7589, could allow attackers … First seen on thecyberexpress.com Jump to article: thecyberexpress.com/openssh-vulnerability-in-freebsd/
-
CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz
IntroductionOn August 5, 2024, researchers at SonicWall discovered a zero-day security flaw in Apache OFBiz tracked as CVE-2024-38856. The vulnerabili… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/cve-2024-38856-pre-auth-rce-vulnerability-in-apache-ofbiz/
-
Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)
Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to stea… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/09/cve-2024-42219-cve-2024-42218/
-
Critical Apache OfBiz Vulnerability Allows Preauth RCE
The enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide a… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/critical-apache-ofbiz-vulnerability-allows-preauth-rce
-
Updates schützen vor Cyberattacken – Kritische Schwachstelle CVE-2023-45249 in Acronis Cyber Infrastructure
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-schwachstelle-acronis-cyber-infrastructure-update-a-868a4c1f152e0a578c7597c9efb880c1/
-
CVEs Surge 30% in 2024, Only 0.91% Weaponized
Tags: cveFirst seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cves-surge-30-2024/
-
Google warns of an actively exploited Android kernel flaw
Google addressed an actively exploited high-severity vulnerability, tracked as CVE-2024-36971, impacting the Android kernel. Google fixed a high-sever… First seen on securityaffairs.com Jump to article: securityaffairs.com/166656/breaking-news/google-actively-exploited-android-kernel-flaw.html
-
Check Point sheds light on Windows MSHTML zero-day flaw
A Check Point Software Technologies researcher who discovered CVE-2024-38112 said the Windows spoofing vulnerability may have been exploited as far ba… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366593234/Check-Point-sheds-light-on-Windows-MSHTML-zero-day-flaw
-
Exploitable Storage and Backup Vulnerabilities: A Growing Threat to Enterprise Security
On July 29, a critical vulnerability in Acronis Cyber Infrastructure (ACI), tracked as CVE-2023-45249, was highlighted by CISA as being actively explo… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/exploitable-storage-and-backup-vulnerabilities-a-growing-threat-to-enterprise-security/
-
Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)
Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails a… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/07/cve-2024-42009-cve-2024-42008/
-
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)
CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthentic… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/05/cve-2024-38856/
-
Security Bypass Vulnerability Found in Rockwell Automation Logix Controllers
A high-severity security bypass vulnerability tracked as CVE-2024-6242 has been found and fixed in Rockwell Automation Logix controllers. The post Sec… First seen on securityweek.com Jump to article: www.securityweek.com/security-bypass-vulnerability-found-in-rockwell-automation-logix-controllers/
-
Leaked Wallpaper Vulnerability Exposes Windows Users to Privilege Escalation Attacks
A newly discovered vulnerability in Windows File Explorer has raised alarms within the cybersecurity community. Identified as CVE-2024-38100, this sec… First seen on gbhackers.com Jump to article: gbhackers.com/leaked-wallpaper-vulnerability-exposes-windows/
-
Hackers Actively Exploiting WordPress Plugin Arbitrary File Upload Vulnerability
Hackers have been actively exploiting a critical vulnerability in the WordPress plugin 简数采集器 (Keydatas). The vulnerability, CVE-2024-6220, a… First seen on gbhackers.com Jump to article: gbhackers.com/exploiting-wordpress-plugin/
-
Bitdefender Flaw Let Attackers Trigger Server-Side Request Forgery Attacks
A recently discovered vulnerability in Bitdefender’s GravityZone Update Server has raised significant security concerns. Identified as CVE-2024-6980, … First seen on gbhackers.com Jump to article: gbhackers.com/bitdefender-flaw-let-attackers/
-
Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085
Shadowserver researchers reported that over 20,000 internet-exposed VMware ESXi instances are affected by the actively exploited flaw CVE-2024-37085. … First seen on securityaffairs.com Jump to article: securityaffairs.com/166432/hacking/vmware-esxi-cve-2024-37085-vulnerable-instances.html
-
Security Bypass Vulnerability Exposed in Rockwell Automation Logix Controllers
A security flaw in Rockwell Automation’s Logix controllers has been highlighted. This security bypass vulnerability, identified as CVE-2024-6242, affe… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/security-bypass-vulnerability-in-rockwell/
-
Critical OpenSSH vulnerability could affect millions of servers
Exploitation against CVE-2024-6387, which Qualys nicknamed ‘regreSSHion,’ could let attackers bypass security measures and gain root access to vulnera… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366592376/Critical-OpenSSH-vulnerability-could-affect-millions-of-servers
-
Recent Vulnerabilities in Cybersecurity: July 2024 CVE Roundup
Recent cybersecurity vulnerabilities reported on the National Institute of Standards and Technology (NIST)’s National Vulnerability Database pose sign… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/recent-vulnerabilities-in-cybersecurity-july-2024-cve-roundup/
-
CVE-2024-37085: VMware ESXi Vulnerability Exploited by Ransomware Gangs
Microsoft Threat Intelligence has disclosed a vulnerability (CVE-2024-37085) in VMware ESXi hypervisors, which is being actively exploited in the wild… First seen on securityonline.info Jump to article: securityonline.info/cve-2024-37085-vmware-esxi-vulnerability-exploited-by-ransomware-gangs/
-
Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085
Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that m… First seen on securityaffairs.com Jump to article: securityaffairs.com/166295/cyber-crime/ransomware-gangs-exploit-cve-2024-37085-vmware-esxi.html
-
VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)
Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/30/cve-2024-37085-exploited/
-
Top CVEs of July 2024: Key Vulnerabilities and Mitigations
July 2024 has surfaced a series of significant vulnerabilities that could compromise the security of many organizations. From Bamboo Data Center flaws… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/top-cves-of-july-2024-key-vulnerabilities-and-mitigations/