Tag: cve
-
Exploit for critical Veeam auth bypass available, patch now
A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available,… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-for-critical-veeam-auth-bypass-available-patch-now/
-
PHP Patches Critical Remote Code Execution Vulnerability
PHP has released patches for CVE-2024-4577, a critical vulnerability that could lead to arbitrary code execution on remote servers. The post released … First seen on securityweek.com Jump to article: www.securityweek.com/php-patches-critical-remote-code-execution-vulnerability/
-
CVE-2024-29849: Veeam discloses Critical Vulnerability that allows attackers to bypass user authentication on its Backup Enterprise Manager web interface
On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/cve-2024-29849-veeam-discloses-critical-vulnerability-that-allows-attackers-to-bypass-user-authentication-on-its-backup-enterprise-manager-web-interface/
-
Chinese threat actor exploits old ThinkPHP flaws since October 2023
Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researche… First seen on securityaffairs.com Jump to article: securityaffairs.com/164239/hacking/hackers-exploits-old-thinkphp-flaws.html
-
Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells
Chinese threat actors are targeting ThinkPHP applications vulnerable to CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama…. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-2018-thinkphp-flaws-to-install-dama-web-shells/
-
Zyxel patches critical flaws in EOL NAS devices
Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached stor… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/06/cve-2024-29972-cve-2024-29973-cve-2024-29974/
-
BSI-Warnung vor Schwachstelle CVE-2024-24919 in Check Point Security Gateways; Einfallstor für CDU-Hack?
Ich nehme alles zurück und behaupte das Gegenteil. Gerade ist mir eine Warnung des Bundesamts für Sicherheit in der Informationstechnik (BSI) unter di… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/03/bsi-warnung-vor-schwachstelle-cve-2024-24919-in-check-point-security-gateways-einfallstor-fr-cdu-hack/
-
PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)
Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achiev… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/04/cve-2024-4358-cve-2024-1800-poc/
-
Why CVEs Are an Incentives Problem
It’s time to rethink the pivotal role incentives play in shaping behavior to find and disclose software vulnerabilities. More accurate guidance to ref… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/why-cves-are-an-incentives-problem
-
CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability
CISA has added an old Oracle WebLogic flaw tracked as CVE-2017-3506 to its known exploited vulnerabilities catalog. The post added an old Oracle WebLo… First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-attacks-exploiting-old-oracle-weblogic-vulnerability/
-
Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)
Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/31/cve-2024-24919/
-
Check Point Remote VPN Sicherheitsupdate für CVE-2024-24919
In Check Point Remote Access VPN gibt es eine Schwachstelle CVE-2024-24919, die von Angreifern seit Ende April 2024 für Angriffe verwendet wird. Diese… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/05/31/check-point-remote-vpn-sicherheitsupdate-fr-cve-2024-24919/
-
CISA Warns of Exploited Linux Kernel Vulnerability
CISA instructs federal agencies to mitigate CVE-2024-1086, a Linux kernel flaw leading to privilege escalation. The post tructs federal agencies to mi… First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-exploited-linux-kernel-vulnerability/
-
Top 5 CVEs and Vulnerabilities of May 2024
May brought a fresh batch of security headaches. This month, we’re focusing on critical vulnerabilities in widely used software like Apache, Gitlab, a… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/top-5-cves-and-vulnerabilities-of-may-2024/
-
Progress Telerik Report Server Flaw Let Attackers Bypass Authentication
A new vulnerability related to authentication bypass was discovered in the Progress Telerik Report server. The CVE for this vulnerability has been ass… First seen on gbhackers.com Jump to article: gbhackers.com/progress-telerik-report-server/
-
RedTail Cryptominer Evolves with Palo Alto PAN-OS CVE-2024-3400 Vulnerability
The operators of RedTail cryptominer, which was the biggest cryptominer operation last year, have now started to take advantage of the Palo Alto PAN-O… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/redtail-cryptominer/
-
Schwachstellen im ZScaler Client-Connector
Noch eine kurze Information für Leser, die den Client-Connector von ZScaler in ihrer Umgebung einsetzen. Dort sind gleich drei Schwachstellen CVE-2023… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/05/28/schwachstellen-im-zscaler-client-connector/
-
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)
Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthe… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/29/cve-2024-23108-cve-2023-34992-poc/
-
NIST Getting Outside Help for National Vulnerability Database
NIST is receiving support to get the NVD and CVE processing back on track within the next few months. The post receiving support to get the NVD and CV… First seen on securityweek.com Jump to article: www.securityweek.com/nist-getting-outside-help-for-national-vulnerability-database/
-
CVE-2023-47610 – Sicherheitslücken in Cinterion-Modems gefunden
Tags: cveFirst seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsforscher-entdecken-gefaehrliche-schwachstellen-bei-cinterion-modems-a-41e0b207f49b227e47800cf502aa4107/
-
Experts released PoC exploit code for RCE in Fortinet SIEM
Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution. Security researchers at… First seen on securityaffairs.com Jump to article: securityaffairs.com/163797/hacking/fortinet-siem-critical-rce-poc.html
-
Check Point VPN Attacks Involve Zero-Day Exploited Since April
The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords. The post n… First seen on securityweek.com Jump to article: www.securityweek.com/check-point-vpn-attacks-involve-zero-day-exploited-since-april/
-
PoC Exploit Released For macOS Privilege Escalation Vulnerability
A new vulnerability has been discovered in macOS Sonoma that is associated with privilege escalation. This vulnerability has been assigned with CVE-20… First seen on gbhackers.com Jump to article: gbhackers.com/poc-exploit-macos-privilege-escalation/
-
Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks
Tags: cveAll developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not intro… First seen on thehackernews.com Jump to article: thehackernews.com/2024/05/defending-your-commits-from-known-cves.html
-
Google Patches Chrome Zero-Day: Type Confusion in V8 JavaScript
Google has released a patch for a zero-day exploit in its Chrome browser. The vulnerability, identified as CVE-2024-5274, involves a confusion issue i… First seen on gbhackers.com Jump to article: gbhackers.com/patches-chrome-zero-day/
-
New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs
A new report from XM Cyber has found among other insights – a dramatic gap between where most organizations focus their security efforts, and where th… First seen on thehackernews.com Jump to article: thehackernews.com/2024/05/new-xm-cyber-research-80-of-exposures.html
-
Google Patches Fourth Chrome Zero-Day in Two Weeks
Exploited in the wild, Chrome vulnerability CVE-2024-5274 is a high-severity flaw described as a type confusion in the V8 JavaScript and WebAssembly e… First seen on securityweek.com Jump to article: www.securityweek.com/google-patches-fourth-chrome-zero-day-in-two-weeks/
-
Schwachstellen im ZScaler Client Connector
Noch eine kurze Information für Leser, die den Client-Connector von ZScaler in ihrer Umgebung einsetzen. Dort sind gleich drei Schwachstellen CVE-2023… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/05/28/schwachstellen-im-zscaler-client-connector/
-
New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation
Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild…. First seen on thehackernews.com Jump to article: thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html
-
GitHub warns of SAML auth bypass flaw in Enterprise Server
GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4986, which impacts GitHub Enterpris… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-warns-of-saml-auth-bypass-flaw-in-enterprise-server/