Veeam Patches Multiple Vulnerabilities Impacting Backup and Replication

Veeam released a security advisory to address six vulnerabilities of varying severities. Successful exploitation of the vulnerabilities may allow remote attackers to execute arbitrary code, leading to possible system compromise. One of the six vulnerabilities, tracked as CVE-2024-40711, has a critical severity rating with a CVSS score of 9.8. The vulnerability may allow an attacker …

SolarWinds Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)

SolarWinds released a security advisory to address a critical vulnerability impacting its Web Help Desk (WHD). Tracked as CVE-2024-28987, the vulnerability has a CVSS score of 9.1. Successful exploitation of the vulnerability may allow a remote, unauthenticated user to access internal functionality and modify data. CISA acknowledged the active exploitation of CVE-2024-28987 by adding it …

Google Patches Ninth Chrome Zero-day Vulnerability of the Year (CVE-2024-7971)

For the ninth time this year, Google Chrome users are urged to update their browsers immediately as a new zero-day vulnerability has been discovered. Google released a security advisory to address the zero-day vulnerability tracked as CVE-2024-7971. CVE-2024-7971 is a type confusion vulnerability in Chrome’s V8 JavaScript engine. Security researchers with the Microsoft Threat Intelligence …

SolarWinds Web Help Desk (WHD) Java Deserialization Vulnerability (CVE-2024-28986)

SolarWinds Web Help Desk has been identified as vulnerable to a Java Deserialization Remote Code Execution vulnerability, which was tracked as CVE-2024-28986. The vulnerability has been given a critical severity rating and a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to execute commands on target systems. The advisory states that …

Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-38856)

Apache OFBiz is vulnerable to a pre-authentication flaw that can lead to remote code execution. Tracked as CVE-2024-38856, the vulnerability has a critical severity rating with a CVSS score of 9.8. SonicWall has discovered and reported the vulnerability to Apache. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code remotely, leading …

Acronis Cyber Infrastructure Critical Vulnerability Exploited in the Wild (CVE-2023-45249)

An authentication bypass vulnerability in the Acronis Cyber Infrastructure is being exploited in the wild. Tracked as CVE-2023-45249, this vulnerability has a critical severity rating and a CVSS score of 9.8. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on vulnerable systems. An attacker may exploit the vulnerability …

Cisco NX-OS Software CLI Command Injection Vulnerability (CVE-2024-20399)

Cisco has released patches to address a zero-day vulnerability exploited in April. Tracked as CVE-2024-20399, the vulnerability impacts Cisco NX-OS Software. Successful exploitation of the vulnerability could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. Cybersecurity firm Sygnia reported the vulnerability to Cisco along with the information about …

PHP CGI Argument Injection Vulnerability (CVE-2024-4577)

Security researcher Orange Tsai recently discovered a critical argument injection vulnerability in PHP CGI that could allow attackers to execute arbitrary code without any authentication, leading to possible system compromise. The use of PHP CGI has faded over time; however, CVE-2024-4577 affects the default configuration of XAMPP. XAMPP is a popular software used by PHP …

Progress Telerik Report Server Authentication Bypass Vulnerability (CVE-2024-4358)

A security researcher at Trend Micro Zero Day Initiative discovered a vulnerability in the Progress Telerik Report Server. CVE-2024-4358 is a critical severity vulnerability allowing an unauthenticated, remote attacker to bypass security restrictions and gain access to restricted Telerik Report Server functionality.

Check Point Security Gateways Information Disclosure Vulnerability Exploited in the Wild (CVE-2024-24919)

Check Point warned its customers of a vulnerability impacting its Network Security gateway products. The vulnerability, tracked as CVE-2024-24919, is being exploited in the wild. Successful exploitation of the vulnerability may allow an attacker to read specific information on Internet-connected Gateways with remote access VPN or mobile access enabled. CISA acknowledged the active exploitation of …