CVE-2024-6327
- 4 Posts
- 7 Interactions
Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server https://securityaffairs.com/166168/security/telerik-report-server-cve-2024-6327.html
Another product, another deserialization vulnerability, another RCE from @mwulftange: Patch your Telerik Report Server (CVE-2024-6327 & CVE-2024-6096) https://code-white.com/public-vulnerability-list/#unknowntyperesolver-insecure-type-resolution-in-report-server
CVE-2024-6327 :: CVSS Score 9.9 :: Upgrade Progress' Telerik Server NOW!!
Advisory Link:
https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327
Steps to Upgrade:
https://docs.telerik.com/report-server/implementer-guide/setup/upgrade
Update Release Notes:
The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier. https://thehackernews.com/2024/07/critical-flaw-in-telerik-report-server.html
CVE-2023-45249
- 2 Posts
- 4 Interactions
Acronis security advisory: Acronis Cyber Infrastructure 5.4 update 4.2
CVE-2023-45249 (9.8 critical, disclosed 24 July 2024 by Acronis) Remote command execution due to use of default passwords
This vulnerability is known to be exploited in the wild.
h/t: @serghei. See related Bleeping Computer reporting: Acronis warns of Cyber Infrastructure default password abused in attacks
#CVE_2023_45249 #vulnerability #Acronis #CVE #eitw #activeexploitation
Critical: CVE-2023-45249 :: CVSS 9.8 :: Remote Code Execution vulnerability in the Acronis Cyber Infrastructure (ACI) tool.
This vulnerability is being exploited in the wild!!
Advisory Link:
CVE-2024-6922
- 2 Posts
- 10 Interactions
Congrats to @fuzz on his first Rapid7 vulnerability disclosure! CVE-2024-6922 is an unauthenticated SSRF in Automation 360. It's fixed in v33 onward, with thanks to the vendor for their prompt investigation and coordinated disclosure!
https://www.rapid7.com/blog/post/2024/07/26/cve-2024-6922-automation-anywhere-automation-360-server-side-request-forgery/
Rapid7: CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery
Rapid7 reports that Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF) tracked as CVE-2024-6922 (6.9 medium). Automation 360 Robotic Process Automation is allegedly used by many private-sector businesses and government agencies. Rapid7 states that “These requests can be used to target internal network services that are not otherwise reachable… For example, unauthenticated attackers can direct Automation 360 to perform arbitrary POST web requests to the back end web services behind Traefik, the Elastic API, and internal Windows web APIs”
CVE-2024-27867
- 1 Post
@bamboombibbitybop @mjg59 They sound much better when using CVE-2024-27867 to listen to music unencrypted!
CVE-2024-27829
- 1 Post
[ZDI-24-965|CVE-2024-27829] Apple macOS VideoToolbox Out-Of-Bounds Write Remote Code Execution Vulnerability (CVSS 8.8; Credit: Pwn2car) https://www.zerodayinitiative.com/advisories/ZDI-24-965/
CVE-1999-0184
- 1 Post
CVE-2024-42029
- 1 Post
CVE-2024-6096
- 1 Post
- 6 Interactions
Another product, another deserialization vulnerability, another RCE from @mwulftange: Patch your Telerik Report Server (CVE-2024-6327 & CVE-2024-6096) https://code-white.com/public-vulnerability-list/#unknowntyperesolver-insecure-type-resolution-in-report-server
CVE-2024-6387
- 1 Post
- 5 Interactions
Great writeup as usual by Qualys on exploiting a signal handler race condition in OpenSSH
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
CVE-2024-41110
- 1 Post
- 1 Interaction
A 5-year-old security flaw has been fixed in Docker! https://www.it-connect.fr/docker-une-faille-de-securite-vieille-de-5-ans-a-ete-corrigee-cve-2024-41110/ #ActuCybersécurité
CVE-2024-0760
- 1 Post
The updates resolve a total of four high-severity bugs, tracked as CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, and CVE-2024-4076, all of which have a CVSS score of 7.5. https://www.securityweek.com/bind-updates-resolve-high-severity-dos-vulnerabilities/
CVE-2024-1975
- 1 Post
The updates resolve a total of four high-severity bugs, tracked as CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, and CVE-2024-4076, all of which have a CVSS score of 7.5. https://www.securityweek.com/bind-updates-resolve-high-severity-dos-vulnerabilities/
CVE-2024-4076
- 1 Post
The updates resolve a total of four high-severity bugs, tracked as CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, and CVE-2024-4076, all of which have a CVSS score of 7.5. https://www.securityweek.com/bind-updates-resolve-high-severity-dos-vulnerabilities/
CVE-2024-1737
- 1 Post
The updates resolve a total of four high-severity bugs, tracked as CVE-2024-0760, CVE-2024-1737, CVE-2024-1975, and CVE-2024-4076, all of which have a CVSS score of 7.5. https://www.securityweek.com/bind-updates-resolve-high-severity-dos-vulnerabilities/