Tag: cvss

OpenWrt Update Flaw Exposed Devices to Malicious Firmware

Dec 10, 2024 10:08 PM

Tags: cve, cvss, data-breach, firmware, flaw, hacker, linux, malicious, service, update, vulnerability

Embedded Device Operating Sytem Had Flaw Allowing Hacers to Bypass Integrity Check. A critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, with a CVSS core of 9.3 and tracked as CVE-2024-54143. First seen on…
CVE-2024-11205: WPForms Plugin Vulnerability Exposes 6 Million WordPress Sites to Financial Risk

Dec 10, 2024 10:07 AM

Tags: cve, cvss, finance, risk, vulnerability, wordpress

A critical vulnerability, identified as CVE-2024-11205, was discovered in the WPForms plugin, a popular WordPress form builder used by over 6 million active websites. This vulnerability, which has been assigned a high CVSS score of 8.5, targets businesses relying on WPForms for payment processing and subscription management, especially those using Stripe integration. First seen on…
Veeam issues patch for critical RCE bug

Dec 4, 2024 3:48 PM

Tags: advisory, backup, cisco, cve, cvss, data, exploit, flaw, germany, Internet, leak, microsoft, mitigation, ntlm, ransomware, rce, remote-code-execution, service, threat, unauthorized, update, veeam, vulnerability, windows

Veeam is warning its customers of two vulnerabilities, of which one is a critical RCE bug, affecting the Service Provider Console (VSPC), a web-based management platform for managed service providers (MSPs).On Tuesday, the data protection and backup solutions provider that powers IT systems availability for leading brands like Cisco, Lenovo, and NASA, issued an advisory…
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Dec 4, 2024 6:48 AM

Tags: cve, cvss, flaw, rce, remote-code-execution, service, update, veeam, vulnerability

Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances.The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing.”From the…
Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

Dec 4, 2024 6:48 AM

Tags: access, cve, cvss, flaw, identity, software, unauthorized, vulnerability

A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory.The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2. 8.3, 8.4, and other previous versions.IdentityIQ “allows First seen on…
SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer

Dec 3, 2024 2:48 PM

Tags: access, antivirus, attack, browser, credentials, cve, cvss, data, email, exploit, flaw, fortinet, framework, healthcare, login, malicious, malware, microsoft, office, phishing, remote-code-execution, risk, software, threat, vulnerability, windows

Threat actors are using a well-known modular malware loader, SmokeLoader, to exploit known Microsoft Office vulnerabilities and steal sensitive browser credentials.The loader which runs a framework to deploy multiple malware modules, was observed by Fortinet’s FortiGuard Labs in attacks targeting manufacturing, healthcare, and IT companies in Taiwan.”SmokeLoader, known for its ability to deliver other malicious…
CVSS-Wert ist unzureichend – Unternehmen schließen nur selten Sicherheitslücken

Dec 3, 2024 8:49 AM

Tags: cvss

First seen on security-insider.de Jump to article: www.security-insider.de/analyse-schwachstellenmanagement-unternehmen-a-2f1a61b367bfe87694e8805a6e9f678b/
JFrog Software Supply Chain Report zeigt, dass viele kritische CVSS-Scores irreführend sind

Dec 1, 2024 8:27 PM

Tags: cvss, software, supply-chain, vulnerability

74 Prozent der Bewertungen von Schwachstellen mit hohen oder kritischen CVSS-Scores sind irreführend trotzdem verbringen 60 Prozent der Sicherheits- … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-software-supply-chain-report-zeigt-dass-viele-kritische-cvss-scores-irrefuehrend-sind/a36964/
FYSA Critical RCE Flaw in GNU-Linux Systems

Dec 1, 2024 3:26 PM

Tags: cvss, flaw, linux, rce, remote-code-execution, vulnerability

Summary A severe, unauthenticated remote code execution (RCE) flaw has been discovered in GNU Linux systems. The vulnerability, rated CVSS 9.9, affect… First seen on securityintelligence.com Jump to article: securityintelligence.com/news/fysa-critical-rce-flaw-in-gnu-linux-systems/
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Nov 26, 2024 3:10 PM

Tags: attack, cve, cvss, firewall, flaw, malicious, spam, vulnerability, wordpress

Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution.The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in…
QNAP fixes critical security holes in its networking solutions

Nov 26, 2024 1:10 PM

Tags: access, advisory, authentication, cve, cvss, data, flaw, healthcare, injection, network, router, service, software, unauthorized, vulnerability

Network and software solutions provider QNAP, whose customers include trusted IT service providers like Accenture, Cognizant, and Infosys, is urging customers to apply fixes for a few critical severity bugs affecting its Network Attached Storage (NAS) and router services.The flaws, which include a mix of missing authentication and OS command injection bugs, could allow remote…
Walking the Walk: How Tenable Embraces Its >>Secure by Design<< Pledge to CISA

Nov 25, 2024 6:51 PM

Tags: access, application-security, attack, authentication, best-practice, business, cisa, cloud, conference, container, control, credentials, cve, cvss, cyber, cybersecurity, data, data-breach, defense, exploit, Hardware, identity, infrastructure, injection, Internet, leak, lessons-learned, mfa, open-source, passkey, password, phishing, risk, saas, service, siem, software, sql, strategy, supply-chain, theft, threat, tool, update, vulnerability, vulnerability-management

As a cybersecurity leader, Tenable was proud to be one of the original signatories of CISA’s “Secure by Design” pledge earlier this year. Our embrace of this pledge underscores our commitment to security-first principles and reaffirms our dedication to shipping robust, secure products that our users can trust. Read on to learn how we’re standing…
Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Nov 25, 2024 9:54 AM

Tags: cvss, cyber, exploit, service, vulnerability

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content management solution. The vulnerability, rated with a CVSS v3.1 Base Score of 9.8 (Critical), could allow attackers to execute arbitrary code on affected servers. This exploit leverages vulnerabilities inherent to the .NET Remoting service used by Enterprise Vault. The Nature…
GeoVision 0-Day Vulnerability Exploited in the Wild

Nov 18, 2024 7:53 AM

Tags: authentication, cve, cvss, cyber, cybersecurity, exploit, flaw, injection, vulnerability, zero-day

Cybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices, which the manufacturer no longer supports. The vulnerability, now designated as CVE-2024-11120, has been assigned a high-severity CVSS score of 9.8 and used by a sophisticated botnet. The security flaw is a pre-authentication command injection vulnerability, which allows attackers to execute arbitrary…
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

Nov 15, 2024 8:53 AM

Tags: cve, cvss, cybersecurity, exploit, flaw, hacker, open-source, vulnerability

Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure.The vulnerability, tracked as CVE-2024-10979, carries a CVSS score of 8.8.Environment variables are user-defined values that can allow a program First seen on thehackernews.com…
Thousands of EOL D-Link Routers Vulnerable to Password Change Attacks

Nov 13, 2024 7:53 AM

Tags: attack, cvss, cyber, password, router, vulnerability

In a critical security disclosure, it has been revealed that thousands of end-of-life (EOL) D-Link DSL-6740C routers are vulnerable to password change attacks. The vulnerability tracked as CVE-2024-11068 has been rated as critical by the TWCERT/CC, with an alarming CVSS score of 9.8. The affected routers, no longer supported by D-Link as of January 15, 2024, are…
Critical Veeam CVE targeted by new ransomware variant

Nov 12, 2024 6:04 PM

Tags: cve, cvss, exploit, ransomware, risk, veeam

Multiple ransomware variants are now targeting the CVE, which has a CVSS of 9.8. For customers, the risk of exploitation is only increasing. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/veeam-cve-exploit-frag-ransomware/732670/
Understand CVE vs CVSS for Improved Cybersecurity

Nov 8, 2024 9:04 PM

Tags: cve, cvss, cybersecurity, data, threat, vulnerability

CWEs and CVEs have similarities and differences. Understanding both can help you keep your organization secure. Staying ahead of vulnerabilities is critical for any cybersecurity pro tasked with protecting an organization’s assets and data in a constantly shifting threat landscape. The Common Vulnerabilities and Exposures (CVE) system and the Common Vulnerability Scoring System (CVSS) are……
Max-Critical Cisco Bug Enables Command-Injection Attacks

Nov 8, 2024 6:05 PM

Tags: access, attack, cisco, cvss, exploit, injection, malicious, vulnerability

Though Cisco reports of no known malicious exploitation attempts, but thanks to a CVSS 10 out of 10 security vulnerability (CVE-2024-20418) three of its wireless access points are vulnerable to remote, unauthenticated cyberattacks. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/cisco-bug-command-injection-attacks
CVSS 9.8 für ScienceLogic SL1 Day-Schwachstelle in ScienceLogic-Monitoring

Nov 8, 2024 8:04 AM

Tags: cvss, monitoring, vulnerability, zero-day

First seen on security-insider.de Jump to article: www.security-insider.de/-rackspace-warnung-sciencelogic-schwachstelle-update-a-f4569fd7f0bd9e251be849563276c808/
Cisco scores a perfect CVSS 10 with critical flaw in its wireless system

Nov 7, 2024 1:03 PM

Tags: cisco, cvss, flaw

Ultra-Reliable Wireless Backhaul doesn’t live up to its name First seen on theregister.com Jump to article: www.theregister.com/2024/11/07/cisco_uiws_flaw/
Critical Veeam CVE actively exploited in ransomware attacks

Oct 28, 2024 4:51 PM

Tags: attack, cve, cvss, exploit, group, ransomware, veeam, vulnerability

Multiple ransomware groups targeted the vulnerability, which has a CVSS score of 9.8, more than a month after it was disclosed and patched by the data… First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/veeam-critical-cve-exploits-ransomware/730570/
CVSS 9.8 für SAP BusinessObjects BI – Deshalb sollten Sie das Oktober-Update von SAP schnellstmöglich installieren

Oct 17, 2024 6:36 AM

Tags: cvss, sap, update

First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecken-sap-business-objects-bi-a-a78a921f070e867a281fcdb41b9f8a0d/
The Sky is Falling! (Again)

Oct 11, 2024 8:55 PM

Tags: cvss, vulnerability

We’ve been here before, haven’t we? Every other week, a new vulnerability with a sky-high CVSS score causes a frenzy. This time, it’s a 9.9 CVSS vulne… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/the-sky-is-falling-again/
EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?

Oct 7, 2024 12:01 PM

Tags: cvss, vulnerability

Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these score… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/epss-vs-cvss-whats-best-approach-to.html
Kritische Schwachstelle – CVSS 10 Gravierende Sicherheitslücke in GitLab-Server

Oct 2, 2024 10:37 AM

Tags: bug, cvss, gitlab, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-gitlab-aktualisierung-empfohlen-a-8b5682238205777cca84488338d6b379/
Critical Nvidia Security Flaw Exposes Cloud AI Systems to Host Takeover

Sep 27, 2024 3:36 PM

Tags: ai, cloud, cvss, data, flaw, nvidia, risk, service

Nvidia confirms risk of code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVSS 9/10. The post C… First seen on securityweek.com Jump to article: www.securityweek.com/critical-nvidia-container-flaw-exposes-cloud-ai-systems-to-host-takeover/
Critical Nvidia Container Flaw Exposes Cloud AI Systems to Host Takeover

Sep 27, 2024 2:36 PM

Tags: ai, cloud, container, cvss, data, flaw, nvidia, risk, service

Nvidia confirms risk of code execution, denial of service, escalation of privileges, information disclosure, and data tampering. CVSS 9/10. The post C… First seen on securityweek.com Jump to article: www.securityweek.com/critical-nvidia-container-flaw-exposes-cloud-ai-systems-to-host-takeover/
CVE-2024-20439 und CVE-2024-20440 – CVSS 9.8 Schwachstelle im Cisco Smart Licensing Utility

Sep 24, 2024 3:12 PM

Tags: cisco, cve, cvss, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/cisco-sicherheitswarnung-kritische-schwachstellen-smart-licensing-utility-a-0940d0adb0d80e8b71058a45a7f8b73d/
CVSS 9.9 und 9.1 – Kritische Schwachstellen in Kibana ermöglichen Malware-Angriffe

Sep 20, 2024 6:30 AM

Tags: cvss, cyberattack, malware, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecken-in-kibana-updates-verfuegbar-a-8bffa8d000328fd2825053e9435fe78e/