vulnerability

PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models 

2024-07-26 at 13:01, by Eduard Kovacs

A vulnerability dubbed PKfail can allow attackers to run malicious code during the boot process, which can be used to deliver UEFI bootkits. The post PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models appeared first […]

Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)

2024-07-26 at 09:46, by Zeljka Zorz

Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible.

About CVE-2024-6327 (and CVE-2024-6096)

Telerik Report Server is an enterprise solution for storing,

BIND Updates Resolve High-Severity DoS Vulnerabilities

2024-07-25 at 16:16, by Ionut Arghire

The latest BIND security updates address remotely exploitable vulnerabilities leading to denial-of-service. The post BIND Updates Resolve High-Severity DoS Vulnerabilities appeared first on SecurityWeek.

Docker fixes critical auth bypass flaw, again (CVE-2024-41110)

2024-07-25 at 15:01, by Zeljka Zorz

A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via a specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation.

About CVE-2024-41110

CVE-2024-41110 is a vulnerability that can be exploited remotely,

Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products

2024-07-25 at 12:16, by Eduard Kovacs

Nvidia has patched high-severity vulnerabilities in its Jetson, Mellanox OS, OnyX, Skyway, and MetroX products. The post Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products appeared first on SecurityWeek.

Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment

2024-07-24 at 17:46, by Eduard Kovacs

Siemens has released out-of-band updates to patch two potentially serious vulnerabilities in products used in energy supply. The post Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment appeared first on SecurityWeek.

Philips Discloses Multiple VUE PACS Vulnerabilities: Healthcare Sector Walking on Thin Ice 

2024-07-23 at 08:46, by Neetha

Internet Exposed VUE PACS a Storm Brewing in Hindsight

On July 18, 2024, Philips issued a security advisory addressing vulnerabilities within Philips Vue Picture Archiving and Communication System (PACS) versions prior to 12.2.8.410. The Philips Vue PACS is

Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm

2024-07-19 at 18:01, by Ionut Arghire

SonicWall warns that a simple GET request is enough to exploit a recent Splunk Enterprise vulnerability. The post Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm appeared first on SecurityWeek.

Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)

2024-07-18 at 18:01, by Zeljka Zorz

A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s threat researchers. Several PoC exploits have been published, including one by IT consultant Mohamed Nabil Ali that performs bulk

SAP AI Core Vulnerabilities Allowed Service Takeover, Customer Data Access

2024-07-18 at 18:01, by Eduard Kovacs

SAP patches AI Core vulnerabilities allowing attackers to access customer data and take over the service. The post SAP AI Core Vulnerabilities Allowed Service Takeover, Customer Data Access appeared first on SecurityWeek.

Ivanti Issues Hotfix for High-Severity Endpoint Manager Vulnerability

2024-07-18 at 14:46, by Ionut Arghire

Ivanti has released a hotfix to address an SQL injection vulnerability in Endpoint Manager (EPM) 2024 flat. The post Ivanti Issues Hotfix for High-Severity Endpoint Manager Vulnerability appeared first on SecurityWeek.

Cisco Patches Critical Vulnerabilities in Secure Email Gateway, SSM

2024-07-18 at 14:46, by Ionut Arghire

Cisco has released patches for critical vulnerabilities in Secure Email Gateway and Smart Software Manager On-Prem. The post Cisco Patches Critical Vulnerabilities in Secure Email Gateway, SSM appeared first on SecurityWeek.

Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419)

2024-07-18 at 12:16, by Zeljka Zorz

Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the password of any user on its Smart Software Manager On-Prem license servers (CVE-2024-20419). Neither

Apache HugeGraph Vulnerability Exploited in Wild

2024-07-17 at 14:16, by Eduard Kovacs

A recently patched Apache HugeGraph-Server vulnerability tracked as CVE-2024-27348 is being targeted in attacks. The post Apache HugeGraph Vulnerability Exploited in Wild appeared first on SecurityWeek.

Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)

2024-07-15 at 14:20, by Zeljka Zorz

The maintainers of the Exim mail transfer agent (MTA) have fixed a critical vulnerability (CVE-2024-39929) that currently affects around 1.5 million public-facing servers and can help attackers deliver malware to users.

About CVE-2024-39929

The vulnerability stems from a bug in RFC 2231

Critical Exim Flaw Allows Attackers to Deliver Malicious Executables to Mailboxes

2024-07-12 at 18:31, by Ionut Arghire

Successful exploitation could allow attackers to deliver executable attachments to inboxes. The post Critical Exim Flaw Allows Attackers to Deliver Malicious Executables to Mailboxes appeared first on SecurityWeek.

Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)

2024-07-10 at 15:46, by Zeljka Zorz

CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)

2024-07-09 at 22:31, by Zeljka Zorz

For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in Windows Hyper-V and Windows MSHTML Platform (respectively).

Zero-days exploited in the wild (CVE-2024-38080, CVE-2024-38112)

CVE-2024-38080 is a

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack

2024-07-09 at 15:01, by Help Net Security

A new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle (MitM) attacks. While the vulnerability can be difficult to exploit, the possible impact of an exploit is substantial.

Attackers Exploiting Remote Code Execution Vulnerability in Ghostscript

2024-07-08 at 15:01, by Ionut Arghire

Vulnerability in Ghostscript (CVE-2024-29510) allows attackers to bypass sandbox for remote code execution. The post Attackers Exploiting Remote Code Execution Vulnerability in Ghostscript appeared first on SecurityWeek.
