Tag: cve

Microsoft Says Windows Not Impacted by regreSSHion as Second OpenSSH Bug Is Found

Jul 16, 2024 5:55 PM

Tags: cve, microsoft, remote-code-execution, vulnerability, windows

A second remote code execution vulnerability, tracked as CVE-2024-6409, was found in OpenSSH during an analysis of the regreSSHion flaw. The post Micr… First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-says-windows-not-impacted-by-regresshion-as-second-openssh-bug-is-found/
How CVE-2022-24785 MomentJS Path Traversal Works: Detailed Exploit Guide

Jul 15, 2024 9:55 PM

Tags: cve, exploit, guide

First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36079/How-CVE-2022-24785-MomentJS-Path-Traversal-Works-Detailed-Exploit-Guide.html
Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Jul 14, 2024 6:55 PM

Tags: cve, exploit, flaw, malware, threat

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The Akamai Security Intellig… First seen on securityaffairs.com Jump to article: securityaffairs.com/165586/hacking/php-flaw-cve-2024-4577-actively-exploited.html
VMware fixed critical SQL-Injection in Aria Automation product

Jul 13, 2024 11:55 PM

Tags: automation, cve, injection, sql, vmware, vulnerability

VMware addressed a critical SQL-Injection vulnerability, tracked as CVE-2024-22280, impacting Aria Automation. Virtualization giant VMware addressed a… First seen on securityaffairs.com Jump to article: securityaffairs.com/165560/security/vmware-aria-automation-critical-sql-injection.html
A new flaw in OpenSSH can lead to remote code execution

Jul 12, 2024 8:55 PM

Tags: cve, flaw, remote-code-execution, vulnerability

A vulnerability affects some versions of the OpenSSH secure networking suite, it can potentially lead to remote code execution. The vulnerability CVE-… First seen on securityaffairs.com Jump to article: securityaffairs.com/165535/hacking/openssh-flaw-cve-2024-6409.html
Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)

Jul 12, 2024 1:55 PM

Tags: cve, exploit, microsoft, vulnerability, windows, zero-day

CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by at… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/10/cve-2024-38112-cve-2024-38021/
Passwort Folge 5: Common Vulnerabilities and Exposures

Jul 10, 2024 9:09 PM

Tags: cve, linux, password, vulnerability

Im Podcast von heise security diskutieren die Hosts das System der CVE-Nummern: Wie funktioniert die, wo klemmt es und warum will Linux das System kap… First seen on heise.de Jump to article: www.heise.de/news/Passwort-Folge-5-Common-Vulnerabilities-and-Exposures-9777933.html
Ghostscript Rendering Platform Vulnerability Let Attackers Execute Remote Code

Jul 10, 2024 9:08 PM

Tags: cve, flaw, vulnerability

A critical vulnerability has been discovered in the Ghostscript rendering platform, identified as CVE-2024-29510. This flaw, a format string vulnerabi… First seen on gbhackers.com Jump to article: gbhackers.com/ghostscript-rendering-vulnerability/
Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)

Jul 10, 2024 9:08 PM

Tags: cve, exploit, microsoft, update, zero-day

For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080,… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/09/microsoft-fixes-two-zero-days-exploited-by-attackers-cve-2024-38080-cve-2024-38112/
CVE-2024-20337 Allows Unauthorized Access to VPN Sessions

Jul 10, 2024 9:08 PM

Tags: access, cisco, cve, flaw, unauthorized, vpn, vulnerability

Cisco unveiled patches aimed at rectifying a high-severity security flaw discovered within its Secure Client software. This vulnerability, identified … First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-20337-cisco-secure-client/
Critical Ghostscript flaw exploited in the wild. Patch it now!

Jul 10, 2024 9:08 PM

Tags: cve, exploit, flaw, threat, update, vulnerability

Threat actors are exploiting Ghostscript vulnerability CVE-2024-29510 to bypass the sandbox and achieve remote code execution. Threat actors are activ… First seen on securityaffairs.com Jump to article: securityaffairs.com/165449/hacking/ghostscript-vulnerability-cve-2024-29510.html
Apache fixed a source code disclosure flaw in Apache HTTP Server

Jul 10, 2024 11:08 AM

Tags: apache, cve, flaw, software, vulnerability

The Apache Foundation addressed a critical source code disclosure vulnerability, tracked as CVE-2024-39884, in the HTTP Server. The Apache Software Fo… First seen on securityaffairs.com Jump to article: securityaffairs.com/165422/security/apache-source-code-disclosure-flaw-apache-http-server.html
MSI Center: Schwachstelle CVE-2024-37726 ermöglicht System-Privilegien

Jul 10, 2024 9:07 AM

Tags: cve, international, vulnerability, windows

Noch eine kurze Meldung für Windows-Nutzer die das MSI Center von Micro-Star International auf ihrem System installiert haben. Es gibt eine Local Priv… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/07/06/msi-center-schwachstelle-cve-2024-37726-ermglicht-system-privilegien/
Check Point discovers vulnerability tied to VPN attacks

Jul 10, 2024 4:08 AM

Tags: attack, cve, threat, vpn, vulnerability

While Check Point identified CVE-2024-24919 as the root cause behind recent attack attempts on its VPN products, it’s unclear if threat actors gained … First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366586616/Check-Point-discovers-vulnerability-tied-to-VPN-attacks
99% of IoT exploitation attempts rely on previously known CVEs

Jul 9, 2024 1:08 PM

Tags: cve, exploit, Internet, iot, privacy

The explosion of Internet of Things (IoT) devices has brought about a wide range of security and privacy challenges, according to Bitdefender and NETG… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/05/iot-security-privacy-challenges/
RegreSSHion-Sicherheitslücke CVE-2024-6387 – Millionen Linux-Systeme sind über OpenSSH angreifbar

Jul 9, 2024 7:08 AM

Tags: bug, cve, linux

First seen on security-insider.de Jump to article: www.security-insider.de/qualys-entdeckt-sicherheitsluecke-in-openssh-a-cf3ed0e947247c683611f2c3891b7713/
CVE-2024-6387: New OpenSSH RegreSSHion Vulnerability Gives Hackers Root Access on Linux Servers 700,000+ Linux Boxes Potentially at Risk

Jul 8, 2024 1:30 PM

Tags: access, cve, hacker, linux, risk, vulnerability

Labeled as CVE-2024-6387, the recently discovered vulnerability in OpenSSH has become a serious cause for concern among Linux servers. OpenSSH is a co… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/cve-2024-6387-new-openssh-regresshion-vulnerability-gives-hackers-root-access-on-linux-servers-700000-linux-boxes-potentially-at-risk/
regreSSHion: Kritische OpenSSH Server-Schwachstelle CVE-2024-6387

Jul 5, 2024 11:47 PM

Tags: bug, cve, vulnerability

In OpenSSH-Server wurde eine kritische Schwachstelle CVE-2024-6387 offen gelegt. Die als regreSSHion bezeichnete Sicherheitslücke ermöglicht eine Remo… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/07/02/regresshion-kritische-openssh-server-schwachstelle-cve-2024-6387/
regreSSHion OpenSSH Flaw: Potential Exploitation Attempts Seen, but Mass Attacks Unlikely

Jul 4, 2024 5:47 PM

Tags: attack, cve, exploit, flaw, vulnerability

The critical OpenSSH vulnerability tracked as regreSSHion and CVE-2024-6387 may already be targeted by attackers, but mass exploitation is unlikely. T… First seen on securityweek.com Jump to article: www.securityweek.com/regresshion-openssh-flaw-potential-exploitation-attempts-seen-but-mass-attacks-unlikely/
CVE of the month, the supply chain attack hidden for 10 years CVE-2024-38368

Jul 4, 2024 1:47 PM

Tags: attack, cve, supply-chain, vulnerability

For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or s… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/cve-of-the-month-the-supply-chain-attack-hidden-for-10-years-cve-2024-38368/
RegreSSHion CVE-2024-6387: A Targeted Exploit in the Wild

Jul 4, 2024 3:47 AM

Tags: cve, exploit, flaw

A critical security flaw, known as regression and cataloged under CVE-2024-6387, has been identified in OpenSSH, just a few days ago. This vulnerabili… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/regresshion-cve-2024-6387-a-targeted-exploit-in-the-wild/
Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769

Jul 3, 2024 3:47 PM

Tags: cve, exploit, flaw, router, threat, vulnerability, wifi

Experts spotted threat actors exploiting the critical vulnerability CVE-2024-0769 affects all D-Link DIR-859 WiFi routers. Researchers from cybersecur… First seen on securityaffairs.com Jump to article: securityaffairs.com/165045/hacking/d-link-dir-859-actively-exploited.html
Water Sigbin Exploiting Oracle WebLogic Server Flaw

Jul 3, 2024 1:47 PM

Tags: crypto, cve, exploit, flaw, oracle, vulnerability

Water Sigbin (8220 Gang) exploits vulnerabilities (CVE-2017-3506, CVE-2023-21839) in Oracle WebLogic servers to deliver cryptocurrency miners using Po… First seen on gbhackers.com Jump to article: gbhackers.com/water-sigbin-exploiting-oracle/
Dev rejects CVE severity, makes his GitHub repo read-only

Jul 2, 2024 7:47 PM

Tags: cve, github

The popular open source project, ‘ip’ had its GitHub repository archived, or made read-only by its developer as a result of a dubious CVE report filed… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/
A Playbook for Detecting the OpenSSH Vulnerability CVE-2024-6387 regreSSHion

Jul 2, 2024 1:47 PM

Tags: cve, software, threat, vulnerability

The Qualys Threat Research Unit has discovered a new high severity signal handler race condition vulnerability in OpenSSH’s server software (sshd). Ac… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/a-playbook-for-detecting-the-openssh-vulnerability-cve-2024-6387-regresshion/
Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack

Jul 2, 2024 12:47 PM

Tags: attack, cve, remote-code-execution, vulnerability

Millions of OpenSSH servers could be vulnerable to unauthenticated remote code execution due to a vulnerability tracked as regreSSHion and CVE-2024-63… First seen on securityweek.com Jump to article: www.securityweek.com/millions-of-openssh-servers-potentially-vulnerable-to-remote-regresshion-attack/
Juniper Networks Issues Critical Patch for Router Vulnerability, CVE-2024-2973

Jul 2, 2024 9:45 AM

Tags: cve, network, router, update, vulnerability

Juniper Networks has urgently released security updates to address a critical vulnerability affecting some of its routers, identified as CVE-2024-2973… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/juniper-networks-router-vulnerability/
Microsoft Active Directory Netlogon Elevation of Privilege CVE-2020-1472

Jul 1, 2024 7:18 PM

Tags: cve, microsoft, vulnerability

Summary On August 11th, 2020 Microsoft publicly disclosed the existence of a critical severity Elevation of Priviledge (EOP) vulnerability that impact… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2020/08/12/microsoft-active-directory-netlogon-elevation-of-privilege-cve-2020-1472/
Progress MOVEit Transfer: Angriffe auf Schwachstelle CVE-2024-5806

Jul 1, 2024 1:19 PM

Tags: cve, cyberattack, moveIT, software, vulnerability

In der Software Progress MOVEit Transfer wurde kürzlich die Schwachstelle CVE-2024-5806 bekannt. Bereits kurz nach Veröffentlichung dieser Information… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/26/progress-moveit-transfer-angriffe-auf-schwachstelle-cve-2024-5806/
Critical Vulnerability in MOVEit Transfer Let Hackers Gain Files Access

Jun 26, 2024 8:43 PM

Tags: access, cve, hacker, moveIT, vulnerability

A critical security vulnerability, CVE-2024-5806, has been identified in MOVEit Transfer, a widely used managed file transfer software. The vulnerabil… First seen on gbhackers.com Jump to article: gbhackers.com/authentication-bypass-vulnerability-in-moveit-transfer/