Tag: cve
-
Linux-Kernel-Entwickler verteilen Sicherheitskorrekturen jetzt mit CVE-Einträgen
First seen on heise.de Jump to article: heise.de/news/Linux-Kernel-Entwickler-kennzeichnen-jetzt-Sicherheitskorrekturen-9628112.html
-
QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)
QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operatin… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/02/14/cve-2023-47218-cve-2023-50358/
-
Ivanti Gets Poor Marks for Cyber Incident Response
Cascading critical CVEs, cyberattacks, and delayed patching are plaguing Ivanti VPNs, and forcing cybersecurity teams to scramble for solutions. Resea… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/ivanti-poor-marks-cyber-incident-response
-
Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-2… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/02/13/cve-2024-21412-cve-2024-21351/
-
Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)
CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/02/13/cve-2023-43770/
-
CVE-2023-43770 in Roundcube Email Software Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a vulnerability in the Roundcube email software to its Known Exploited… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2023-43770-roundcube/
-
Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762)
Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is >>potentially
-
Attacks begin on critical Atlassian Confluence vulnerability
Exploitation activity for CVE-2023-22527 marks the third time in four months that a critical Atlassian Confluence flaw has gained threat actors’ atten… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366567334/Attacks-begin-on-critical-Atlassian-Confluence-vulnerability
-
Chinese threat group exploited VMware vulnerability in 2021
After VMware confirmed that CVE-2023-34048 had been exploited, Mandiant attributed the activity to a China-nexus threat group and revealed that exploi… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366566917/Chinese-threat-group-exploited-VMware-vulnerability-in-2021
-
Active Scan Alert: Over 28,000 Ivanti Instances Exposed to Internet
Ivanti has disclosed two new zero-day vulnerabilities assigned with CVE-2024-21888 and CVE-2024-21893 in the products Ivanti Connect Secure and Ivanti… First seen on gbhackers.com Jump to article: gbhackers.com/ivanti-flaw-under-attack/
-
TeamCity Authentication Bypass Flaw Let Attackers Gain Admin Control
A critical security vulnerability was detected in TeamCity On-Premises, tagged as CVE-2024-23917, with a CVSS score of 9.8. An unauthenticated attacke… First seen on gbhackers.com Jump to article: gbhackers.com/teamcity-authentication-bypass-flaw/
-
February 2024 Patch Tuesday forecast: Zero days are back and a new server too
January 2024 Patch Tuesday is behind us. A relatively light release from Microsoft with 39 CVEs addressed in Windows 10, 35 in Windows 11, and surpris… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/02/09/february-2024-patch-tuesday-forecast/
-
40,000 Attacks Targeting CVE-2023-22527 in the Wild
Malicious actors swiftly seized upon a recently exposed critical security vulnerability affecting Atlassian Confluence Data Center and Confluence Serv… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2023-22527-40000-attacks/
-
CVE-2024-20253: Critical Code Execution Flaw in Cisco Products
Cisco has recently issued patches to rectify a critical security vulnerability affecting Unified Communications and Contact Center Solutions products,… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-20253-cisco/
-
CVE-2023-35081: Critical Flaw in Ivanti EPMM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical flaw in Ivanti Endpoint Manager Mobile (EPMM) and MobileIron C… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2023-35081-ivanti-epmm/
-
Mispadu Trojan Now Exploiting CVE-2023-36025 Windows Flaw
The Mispadu banking Trojan has once again made headlines, leveraging a now-patched Windows SmartScreen security bypass flaw to compromise users in Mex… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/mispadu-trojan-exploiting-cve-2023-36025/
-
CVE-2023-40547: Shim RCE Flaw Impacts Major Linux Distros
The developers behind shim, the essential software component utilized as a first-stage boot loader on UEFI systems, have recently unveiled version 15…. First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2023-40547-shim-rce/
-
CVE-2024-21762: Critical Flaw in FortiOS SSL VPN Exploited
Fortinet has recently uncovered a critical security vulnerability, designated as CVE-2024-21762, within its FortiOS SSL VPN software. This flaw, with … First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-21762-fortios-ssl-vpn/
-
CVE-2024-23917: Critical JetBrains Takeover Vulnerability
JetBrains, the renowned developer of integrated development environments, has issued a critical alert urging all customers to update their TeamCity On… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-23917-jetbrains-teamcity-on-premises/
-
CVE-2024-21893: Ivanti Flaw Under Active, Mass Exploitation
A critical server-side request forgery vulnerability (CVE-2024-21893), affecting Ivanti Connect Secure and Policy Secure products has been exploited a… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-21893-ivanti-flaw-exploit/
-
CVE-2024-0402: Critical File Writing Vulnerability in GitLab
A vulnerability has been identified in GitLab CE/EE, impacting all versions from 16.0 to 16.5.8, 16.6 to 16.6.6, 16.7 to 16.7.4, and 16.8 to 16.8.1. T… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-0402-gitlab/
-
CVE-2023-6246: GNU C Flaw Exposes Linux to Local Privilege Escalation
A newly disclosed security vulnerability in the GNU C library (glibc) has raised significant concerns within the cybersecurity community. Tracked as C… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2023-6246-gnu-c-flaw-linux/
-
CVE-2022-48618: Apple Flaw in macOS, iOS Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a high-severity flaw to its Known Exploited Vulnerabilities (KEV) cata… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2022-48618-macos-ios/
-
Tenable Cloud Security erkennt Zero-Day-Bedrohungen nahezu in Echtzeit
Als Marktführer im Schwachstellenmanagement mit mehr als zwei Jahrzehnten Erfahrung verfügt Tenable über die branchenweit umfangreichsten CVE-Daten (C… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/tenable-cloud-security-erkennt-zero-day-bedrohungen-nahezu-in-echtzeit/a31912/
-
Ransomware-Angriff zielt auf VMware ESXi-Server weltweit
In Fällen, in denen das Patchen von CVE-2021-21974 Zeit in Anspruch nehmen wird, ist zu beachten, dass VMware auch Workarounds veröffentlicht hat, um … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ransomware-angriff-zielt-auf-vmware-esxi-server-weltweit/a33389/
-
Armis zeigt die risikoreichsten vernetzten Assets im Netzwerk
Tags: cveDie Forscher identifizierten eine beträchtliche Anzahl von mit dem Netzwerk verbundenen Assets, die für ungepatchte, ausnutzbare CVEs anfällig sind, d… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/armis-zeigt-die-risikoreichsten-vernetzten-assets-im-netzwerk/a35202/
-
Sysdig gibt Tipps zur Erkennung und Behebung der Schwachstelle Local Privilege Escalation
Die Sicherheitslücke CVE-2023-4911 betrifft nicht nur Standard-Linux-Server, sondern auch Container, Appliances und IoT-Geräte. Überall, wo Linux eing… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sysdig-gibt-tipps-zur-erkennung-und-behebung-der-schwachstelle-local-privilege-escalation/a35500/
-
Google Releases Eighth Zero-Day Patch of 2023 for Chrome
CVE-2023-7024, exploited in the wild prior to patching, is a Chrome vulnerability that allows remote code execution within the browser’s WebRTC compon… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/google-eighth-zero-day-patch-2023-chrome
-
[Video] CVE-2012-5076 Java Applet JAX-WS Remote Code Execution Metasploit Demo
this module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 201… First seen on http: Jump to article: feedproxy.google.com/~r/SecurityTube/~3/QKz6v4hMAXI/6248
-
[Video] A TALE OF TWO FIREFOX BUGS
This talk will discuss 100% reliable exploitation of CVE-2011-2371 (found by Chris Rohlf) by turning it into an infoleak and no heap spraying techniqu… First seen on http: Jump to article: feedproxy.google.com/~r/SecurityTube/~3/iGdZBHNGjjU/6205