Tag: cve
-
Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)
Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file tra… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/25/cve-2024-5805-cve-2024-5806/
-
Exploitation Attempts Target New MOVEit Transfer Vulnerability
Exploitation attempts targeting CVE-2024-5806, a critical MOVEit Transfer vulnerability patched recently, have started. The post tion attempts targeti… First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-attempts-target-new-moveit-transfer-vulnerability/
-
Mailcow Patches Critical XSS and File Overwrite Flaws Update NOW
lcow email servers faced critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) allowing potential remote code execution. Update to Mailcow 2024… First seen on hackread.com Jump to article: hackread.com/mailcow-patches-critical-xss-file-overwrite-flaws/
-
CosmicSting: Schwachstelle CVE-2024-34102 gefährdet Adobe Commerce- und Magento-Shops
Kleiner Nachtrag von letzter Woche. Seit Mitte des Monats ist bekannt, dass in Adobe Commerce- und Magento-Online-Shops die Schwachstelle CVE-2024-341… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/24/cosmicsting-schwachstelle-cve-2024-34102-gefhrdet-adobe-commerce-und-magento-shops/
-
Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995
Threat actors are actively exploiting a recently discovered vulnerability in SolarWinds Serv-U software using publicly available proof-of-concept (PoC… First seen on securityaffairs.com Jump to article: securityaffairs.com/164806/hacking/solarwinds-serv-u-cve-2024-28995-exploit.html
-
PrestaShop Website Under Injection Attack Via Facebook Module
A critical vulnerability has been discovered in the >>Facebook
-
Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code
Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to execute arbitrary code o… First seen on gbhackers.com Jump to article: gbhackers.com/mailcow-mail-server-remote-code-execution/
-
Phoenix UEFI vulnerability impacts hundreds of Intel PC models
A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/phoenix-uefi-vulnerability-impacts-hundreds-of-intel-pc-models/
-
Kritische Schwachstelle CVE-2024-38428 in wget
Im Kommandozeilenprogramm wget gibt es eine kritische Schwachstelle, die mit dem CVSS Base Score 10.0 bewertet wird. CERT-Bund warnt vor der Schwachst… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/18/kritische-schwachstelle-cve-2024-38428-in-wget-dringend-handeln/
-
Phoenix SecureCore UEFI Flaw Exposes Intel Processors to ‘UEFIcanhazbufferoverflow'<< Vulnerability
A newly discovered vulnerability, CVE-2024-0762, dubbed UEFIcanhazbufferoverflow, has recently come to light in the Phoenix SecureCore UEFI firmware, … First seen on thecyberexpress.com Jump to article: thecyberexpress.com/ueficanhazbufferoverflow-vulnerability/
-
CVE-2024-3080: ASUS warns Customers about the latest Authentication Bypass Vulnerability detected Across seven Router Models
ASUS announces major Firmware Update ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different var… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/cve-2024-3080-asus-warns-customers-about-the-latest-authentication-bypass-vulnerability-detected-across-seven-router-models/
-
Broadcom Advises Urgent Patch for Severe VMware vCenter Server Vulnerabilities
tical security vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) found in VMware vCenter Server! Patch immediately to safeguard virtual… First seen on hackread.com Jump to article: hackread.com/broadcom-patch-vmware-vcenter-server-vulnerabilities/
-
Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability
Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware…. First seen on securityweek.com Jump to article: www.securityweek.com/hundreds-of-pc-server-models-possibly-affected-by-serious-phoenix-uefi-vulnerability/
-
Critical PHP Flaw CVE-2024-4577 Patched
A critical remote code execution bug (CVE-2024-4577) in all versions of PHP on Windows has been patched. The bug also affects all Windows versions of … First seen on duo.com Jump to article: duo.com/decipher/critical-php-flaw-cve-2024-4577-patched
-
Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers
Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild.Tracked as CVE-2024-4… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/arm-warns-of-actively-exploited-zero.html
-
Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)
VMware by Broadcom has fixed two critical vulnerabilities (CVE-2024-37079, CVE-2024-37080) affecting VMware vCenter Server and products that contain i… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/18/cve-2024-37079-cve-2024-37080/
-
Outlook-Schwachstelle CVE-2024-30103 ermöglicht Remote-Code-Ausführung; Patch im Juni 2024
Mit den Sicherheitsupdates vom 11. Juni 2024 hat Microsoft auch eine kritische Schwachstelle in Microsoft Outlook geschlossen. Die Schwachstelle CVE-2… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/15/outlook-schwachstelle-cve-2024-30103-ermglicht-remote-code-ausfhrung-patch-im-juni-2024/
-
Exploit Attempts Against Check Point CVE-2024-24919 On the Rise
First seen on duo.com Jump to article: duo.com/decipher/exploit-attempts-against-check-point-cve-2024-24919-on-the-rise
-
0-day Vulnerability In 10,000 Web Apps Exploited Using XSS Payloads
A significant vulnerability, tracked as CVE-2024-37629, has been discovered in SummerNote 0.8.18. It allows Cross-Site Scripting (XSS) via the Code Vi… First seen on gbhackers.com Jump to article: gbhackers.com/0day-vulnerability-xss-payloads/
-
CVE of the month, CheckPoint Security Gateway exploit CVE-2024-24919
This month we dive into CheckPoints CVE-2024-24919 to explain what this vulnerability does and why we have seen it being used in the wild already! The… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/cve-of-the-month-checkpoint-security-gateway-exploit-cve-2024-24919/
-
Exploit for Veeam Recovery Orchestrator auth bypass available, patch now
A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been rel… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-for-veeam-recovery-orchestrator-auth-bypass-available-patch-now/
-
Developing a Plan to Respond to Critical CVEs in Open Source Software
First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/developing-plan-to-respond-to-critical-cves-open-source-software
-
Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation
The zero-day is tagged as CVE-2024-32896 and described as an elevation of privilege issue in Pixel Firmware. The post -day is tagged as CVE-2024-32896… First seen on securityweek.com Jump to article: www.securityweek.com/google-warns-of-pixel-firmware-zero-day-under-limited-targeted-exploitation/
-
Hotel-Check-In-System: Schwachstelle CVE-2024-37364 in Ariane Allegro Scenario Player legt Daten offen
Wieder ein Sicherheitsproblem bei einem Hotel-Check-In-System, bei dem Daten von Hotelgästen offen werden konnten. Es reichte ein falsches Zeichen ein… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/10/hotel-check-in-system-schwachstelle-cve-2024-37364-in-ariane-allegro-scenario-player-legt-daten-offen/
-
Ransomware Group May Have Exploited Windows Vulnerability as Zero-Day
The Black Basta ransomware gang may have exploited the Windows privilege escalation flaw CVE-2024-26169 before it was patched. The post k Basta ransom… First seen on securityweek.com Jump to article: www.securityweek.com/ransomware-group-may-have-exploited-windows-vulnerability-as-zero-day/
-
Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. Patch it now!
A proof-of-concept (PoC) exploit code for a Veeam Backup Enterprise Manager authentication bypass flaw CVE-2024-29849 is publicly available. Researche… First seen on securityaffairs.com Jump to article: securityaffairs.com/164407/hacking/veeam-cve-2024-29849-poc.html
-
Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)
June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw (CVE-2024-30080) and a RCE vulnerability in Microsoft Outlo… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/11/cve-2024-30080-cve-2024-30103/
-
Microsoft Urges Windows Admins to Patch Microsoft Message Queuing RCE Flaw
Microsoft has disclosed two Critical remote code execution vulnerabilities in MSMQ (Microsoft Message Queuing) and the Windows Wi-Fi Driver. The CVE f… First seen on gbhackers.com Jump to article: gbhackers.com/microsoft-message-queuing-rce-flaw/
-
CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability
Introduction Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an o… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/
-
TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers
The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshe… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/tellyouthepass-ransomware-exploits-recent-php-rce-flaw-to-breach-servers/