Hunter (@HunterMapping)

🚨Alert🚨CVE-2024-3400: Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect(CVSS: 10)
⚠It enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
📊 371K+ Services are found on

Gray Hats (@the_yellow_fall)

The patches address a high-severity vulnerability, designated CVE-2024-20380 (CVSS 7.5), that could allow unauthenticated, remote attackers to crash ClamAV services, causing a Denial-of-Service (DoS) condition.
securityonline.info/clamav-issues-…

Gray Hats (@the_yellow_fall)

Exploit code is now available for a critical vulnerability (CVE-2024-29204) that has been identified in Ivanti Avalanche. This flaw, rated 9.8 on the CVSS scale, allows unauthenticated remote attackers to execute arbitrary code on vulnerable systems
securityonline.info/exploit-code-r…

hyper-ict (@hyper_ict)

Hyper ICT detected a concerning spike in critical vulnerabilities (CVSS 10) in 2024. Patch often, scan for threats & train employees! #Cybersecurity #HyperICT

Criminal IP (@CriminalIP_US)

🚨#CVE-2024-3400 Palo Alto Networks PAN-OS Command Injection Vulnerability with a CVSS score of 10
🔎Search Queries
- ssl_subject_organization: 'Palo Alto Networks'
- title: 'GlobalProtectPortal'
- favicon: '340ebdb3'
criminalip.io/en/asset/searc…

✅PoC: github.com/0x0d3ad/CVE-20…

Fluid Attacks (@fluidattacks)

Our #researchteam found a #zeroday vulnerability in Pyhtml2pdf. As a CNA, we assigned the ID CVE-2024-1647. Details about it here: 🔗bit.ly/3TFdEcA. We have announced 156 #CVE to this date: 🔗bit.ly/3PchSF1 #WeHackYourSoftware

#CNA #AppSec #CVSS
Cytex (@cytexsmb)

Critical update: CVE-2024-3400 🚨CVSS:10.0 🔥

New findings reveal attackers can bypass telemetry requirements on firewalls, with proof-of-concept exploit code available.

Palo Alto has released patches. Don't delay, patch now!

Veronica Becerra 👩🏻‍💻 (@veronicabp_)

contains a CVE-2023-48788 (CVSS score: 9.3) about which, since March 2024, has been massively exploited according to data from CISA Cyber

thehackernews.com/2024/04/hacker…

Johan Carlsson (@joaxcar)

When creating an ATO PoC, is there any value in removing steps of user interaction when it comes to CVSS? E.g. 'just visiting a link' vs 'visit link and click 1 (or 2 or 3) things'

Same CVSS score, right? Should I bother?

Gray Hats (@the_yellow_fall)

A recent security advisory reveals multiple critical (CVE-2024-28890, CVSS 9.8) vulnerabilities in the widely used Forminator WordPress plugin, potentially exposing over 500,000 websites to malicious attacks.
securityonline.info/critical-vulne…

Cyber Sainik (@cybersainik_llc)

🚨 New #cybersecurity research reveals risks in AWS & Google Cloud CLI tools. LeakyCLI vulnerability exposes sensitive credentials via build logs. Microsoft patched a related issue in Azure (CVE-2023-36052, CVSS 8.6). Stay vigilant! #infosec #cloudsecurity

Fluid Attacks (@fluidattacks)

Our #researchteam found a #zeroday vulnerability in electron-pdf. As a CNA, we assigned the ID CVE-2024-1648. Details about it here: 🔗bit.ly/49InctG. We have announced 157 #CVE to this date: 🔗bit.ly/3PchSF1 #WeHackYourSoftware

#CNA #AppSec #CVSS
Solar Designer (@solardiz)

Fixed glibc CVE-2024-2961 iconv(3) out-of-bounds write for EL9 distros via Rocky Linux SIG/Security
sig-security.rocky.page/packages/glibc/
sig-security.rocky.page/issues/CVE-202…
Bug found and explored by Charles Fol, exploitable via PHP, rated Important, CVSS 8.8 by Red Hat, patched in Fedora but not yet in RHEL

((yuki)|(kwmt)|(kawaman)) (@yuki_kawamitsu)

The KB for the 'free access to zero-day security patches' announced the other day is out 👀
It covers Critical patches with a CVSS score of 9 or higher 📝

Zero Day (i.e., Critical) Security Patches for vSphere (7.x and 8.x) Perpetual License Customers with Expired Support Contracts (97805)
kb.vmware.com/s/article/97805

HackerNoon | Learn Any Technology (@hackernoon)

In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a leading solution, Xiid reminds organizations that Xiid SealedTunnel customers remain secure.

This latest vulnerability, currently unpatched and rated 10/10 on the

Ian McLintock (@ian_mcl)

It's really tough for smalls and even tougher for small infrastructure charities. Wouldn't it be great if someone created a funding list just for our CVSs and other infrastructure bodies? We think so too. charityexcellence.co.uk

Trend Micro Research (@TrendMicroRSRCH)

The potential impact on security and confidentiality of the file read vulnerability, CVE-2024-23897, in the Jenkins open-source automation server is what gives this vulnerability a critical 10.0 rating on the CVSS.

Here’s why this matters: ⬇️ research.trendmicro.com/3vaqPub

TAMA (@TAMA25703353)

CCE
Assigns unique IDs to security configuration items
CVE
Assigns unique IDs to vulnerabilities
CVSS
Evaluates vulnerabilities quantitatively
CWE
Classifies and identifies vulnerabilities; assigns IDs and the like.

They all look the same to me.
