Tag: cvss
-
VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10. The post … First seen on securityweek.com Jump to article: www.securityweek.com/vmware-patches-remote-code-execution-flaw-found-in-chinese-hacking-contest/
-
Kritische Schwachstelle CVE-2024-40766 – CVSS 9.3 Firewalls von Sonicwall in Gefahr
First seen on security-insider.de Jump to article: www.security-insider.de/sonicwall-firewalls-angriffe-schutzmassnahmen-cve-2024-40766-a-fb6be1e1993f9f52f8ca402442ac8faf/
-
Microsoft Patchday September 2024 – CVSS 9.8 Ungewöhnlich viele Schwachstellen unter Angriff
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-patchday-september-2024-sicherheitsluecken-geschlossen-a-a8e6fbdd0a08424d9e5649faad84faee/
-
Kritische Sicherheitslücken – CVSS 10 und CVSS 9.8 in Windows und WordPress
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecken-wordpress-windows-a-ac1646154eca9f5f51ca7cbafa79e43e/
-
China-Nexus Group Velvet Ant Exploits Cisco Zero-Day (CVE-2024-20399)
At the beginning of 2024, the Chinese group Velvet Ant exploited a patched zero-day vulnerability (CVE-2024-20399, CVSS 6.7) in Cisco switches to gain… First seen on securityonline.info Jump to article: securityonline.info/china-nexus-group-velvet-ant-exploits-cisco-zero-day-cve-2024-20399/
-
Schwachstellen in AIX mit CVSS von 8.8 – Angreifer können Malware in AIX ausführen
First seen on security-insider.de Jump to article: www.security-insider.de/ibm-aix-sicherheitsupdates-cve-2023-45803-cve-2024-6345-a-bd357378173eebe713e26a72754d0509/
-
Beyond CVSS: Advanced Vulnerability Prioritization Strategies for Modern Threats
The sheer volume of vulnerabilities discovered each year, combined with limited time and resources, demands a more sophisticated strategy for prioriti… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/beyond-cvss-advanced-vulnerability-prioritization-strategies-for-modern-threats/
-
Malware-Gefahr für Kibana – CVSS-9.9-Schwachstelle in Kibana
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-schwachstelle-kibana-sicherheitsupdates-a-fd1bb969e3e4d815126aba466c5dab87/
-
Critical Apache OfBiz Vulnerability Allows Preauth RCE
The enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide a… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/critical-apache-ofbiz-vulnerability-allows-preauth-rce
-
Sicherheitslücken in Telerik Report Server – CVSS 9.9: Telerik Report Server anfällig für Malware
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-cve-2024-6327-progress-telerik-report-server-a-369ea31e83ec49df65d6a168a59551ae/
-
Angreifer können Cisco SEG übernehmen – CVSS 9.8 Sicherheitslücke in Cisco Secure Email Gateway
First seen on security-insider.de Jump to article: www.security-insider.de/cisco-secure-email-gateway-schwachstelle-update-a-99be56431542b3cafb1e82ba6df075b4/
-
Cisco schließt kritische Sicherheitslücke in SSM On-Prem – CVSS-10-Schwachstelle in Cisco Smart Software Manager
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-cisco-smart-software-manager-on-prem-a-f3dc3073995eec63a2fae505e0ed2ca5/
-
Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018
The vulnerability, tagged as CVE-2024-41110 with a CVSS severity score of 10/10, was originally found and fixed in 2018. The post Docker Patches Criti… First seen on securityweek.com Jump to article: www.securityweek.com/docker-patches-critical-authz-plugin-bypass-vulnerability-dating-back-to-2018/
-
Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code
A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as CVE-2024-6744. This flaw assigned a CVSS score of 9… First seen on gbhackers.com Jump to article: gbhackers.com/cellopoint-secure-email-gateway-flaw/
-
Kritische Sicherheitslücke in Juniper Session Smart Routern – CVSS 10 Schwachstelle in Juniper-Routern
First seen on security-insider.de Jump to article: www.security-insider.de/updates-juniper-sicherheitsluecken-session-smart-router-a-c8a92a27eeee3031e6a83d69aee86420/
-
CVSS Score: A Comprehensive Guide to Vulnerability Scoring
Security professionals constantly battle to identify and patch vulnerabilities before attackers exploit them. But how do we measure the severity of th… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/cvss-score-a-comprehensive-guide-to-vulnerability-scoring/
-
Patched: RCE Flaw That Affects Critical Manufacturing
Hackers Have Not Yet Exploited the CVSS 10-Rated Flaw, Says PTC. Software maker for critical manufacturing organizations PTC patched a critical flaw t… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/patched-rce-flaw-that-affects-critical-manufacturing-a-25699
-
CVSS 10: Lücke in KI-Framework PyTorch gefährdet Netzwerke – ML-Framework PyTorch ermöglicht Cyberattacken
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-luecke-pytorch-sicherheitstipps-updates-a-b036731dce3c4657d3070df45865f02e/
-
Kritische Schwachstelle CVE-2024-38428 in wget
Im Kommandozeilenprogramm wget gibt es eine kritische Schwachstelle, die mit dem CVSS Base Score 10.0 bewertet wird. CERT-Bund warnt vor der Schwachst… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/18/kritische-schwachstelle-cve-2024-38428-in-wget-dringend-handeln/
-
Schwachstelle in IBM App Connect Enterprise Certified Container – CVSS 9.8 IBM schließt kritische Sicherheitslücke
First seen on security-insider.de Jump to article: www.security-insider.de/ibm-app-connect-enterprise-certified-container-schwachstelle-cve-2024-29651-a-b0ea419abca0ffae816e963d608a9298/
-
UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware
Summary Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7…. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
-
Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges
Microsofthas discloseda critical vulnerabilityidentified asCVE-2024-30088. With a CVSS score of 8.8, this flaw affects Microsoft Windows and allows lo… First seen on gbhackers.com Jump to article: gbhackers.com/microsoft-windows-ntqueryinformationtoken/
-
Patch Tuesday: Remote Code Execution Flaw in Microsoft Message Queuing
Tags: cvss, exploit, flaw, malicious, microsoft, remote-code-execution, update, vulnerability, windowsThe Windows vulnerability carries a CVSS severity score of 9.8/10 and can be exploited by via specially crafted malicious MSMQ packets. The post ows v… First seen on securityweek.com Jump to article: www.securityweek.com/patch-tuesday-remote-code-execution-flaw-in-microsoft-message-queuing/
-
Github Enterprise Server: Sicherheitslücke verleiht Angreifern Admin-Zugriff
Die Schwachstelle betrifft alle GHES-Versionen vor 3.13.0 und erreicht den größtmöglichen CVSS-Score von 10. Gefährdet sind Instanzen mit SAML-SSO-Aut… First seen on golem.de Jump to article: www.golem.de/news/github-enterprise-server-sicherheitsluecke-verleiht-angreifern-admin-zugriff-2405-185314.html
-
Critical Netflix Genie Bug Opens Big Data Orchestration to RCE
The severe security vulnerability (CVE-2024-4701, CVSS 9.9) gives remote attackers a way to burrow into Netflix’s Genie open source platform, which is… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/netflix-fixes-critical-vulnerability-on-big-data-orchestration-service
-
GitHub Issues Patch for Critical Exploit in Enterprise Server
The vulnerability affects all GHES versions prior to 3.13.0 and achieves the highest possible CVSS score of 10. Instances with SAML SSO authentication… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/github-issues-patch-for-critical-exploit-in-enterprise-server/
-
Intel’s Max Severity Flaw Affects AI Model Compressor Users
CVSS 10-Rated Bug Could Enable Hackers to Execute Arbitrary Code on Systems. A maximum-severity bug in Intel’s artificial intelligence model compressi… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/intels-max-severity-flaw-affects-ai-model-compressor-users-a-25275
-
BSI warnt vor Angriffen auf Palo-Alto-Firewalls: CVSS 10.0 – Kritische Schwachstellen in Firewalls ermöglichen Root-Zugriff
First seen on security-insider.de Jump to article: www.security-insider.de/bsi-warnt-vor-sicherheitsluecken-in-palo-alto-networks-firewalls-a-b9781c3b9b0e301d5f75ae896154fae9/
-
China Steals Defense Secrets ‘on Industrial Scale’
UNC5174¯â¤¯UNC302: CVSS 10 and 9.8 vulnerabilities exploited by Chinese threat actor for People’s Republic. The post €¯â¤¯UNC302: CVSS 10 and 9.8 vu… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/03/china-steals-secrets-f5-connectwise-richixbw/
-
CVSS 4.0 Offers Significantly More Patching Context
First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/mileage-orgs-will-get-from-cvss-4-0-will-vary