vulnerability Archives - Page 3 of 24

Experts warn of critical Zero-Day in Apache OfBiz

Issued by: Security Affairs

Experts warn of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. An attacker can trigger the vulnerability, tracked as CVE-2023-51467, to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF) The issue resides in the login functionality and results from an incomplete patch for the Pre-auth…

Vulnerabilities

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

Issued by: The Hacker News

A new zero-day security flaw has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was released…

Vulnerabilities

Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File

Issued by: Dark Reading

Researchers this week disclosed details on two security vulnerabilities in Microsoft Outlook that, when chained together, give attackers a way to execute arbitrary code on affected systems without any user interaction. Unusually, both of them can be triggered using a sound file. One of the flaws, tracked as CVE-2023-35384, is actually the second patch bypass…

Malware & Threats

Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug

Issued by: Dark Reading

Concerns are high over a critical, recently disclosed remote code execution (RCE) vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java applications. Developers can use it to build modular Web applications based on what is known…

Vulnerabilities

Apache Struts 2 vulnerability discovered, as proof of concept circulates

Issued by: CSO Online

A new vulnerability found in the Apache Struts 2 framework has received a critical severity rating from NIST’s national database. A new vulnerability in the Struts 2 web application framework can potentially enable a remote attacker to execute code on systems running apps based on earlier versions of the software. The vulnerability, announced this week…

Vulnerabilities

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

Issued by: Security Affairs

ownCloud is an open-source software platform designed for file synchronization and sharing. It allows individuals and organizations to create their own private cloud storage services, giving them control over their data while facilitating collaboration and file access across multiple devices. The vulnerability, tracked as CVE-2023-49103, resides in the Graphapi app, which relies on a third-party…

Vulnerabilities

CISA Urges Patching as Hackers Exploit ‘Looney Tunables’ Bug

Issued by: DataBreach Today

U.S. federal agencies have until Dec. 12 to patch vulnerable Linux devices on their networks after researchers discovered an actively exploited security flaw. The Cybersecurity and Infrastructure Security Agency added the “Looney Tunables” vulnerability, tracked as CVE-2023-4911, to its catalog of known exploited vulnerabilities Tuesday and mandated federal civilian branch agencies to download patches to…

Vulnerabilities

Zimbra zero-day exploited to steal government emails by four groups

Issued by: Security Affairs

Google Threat Analysis Group (TAG) researchers revealed that a zero-day vulnerability, tracked as CVE-2023-37580 (CVSS score: 6.1), in the Zimbra Collaboration email software was exploited by four different threat actors to steal email data, user credentials, and authentication tokens from government organizations. The experts observed that most of the attacks took place after the public…

Vulnerabilities

Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning With Trivy KBOM

Issued by: Dark Reading

Aqua Security, the pioneer in cloud native security, today announced its open source solution Trivy now supports vulnerability scanning for Kubernetes components in addition to Kubernetes Bill of Materials (KBOM) generation. Now, companies can better understand the components within their Kubernetes environment and how secure they are in order to substantially reduce risk. Kubernetes has…

Vulnerabilities

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

Issued by: Security Affairs

F5 this week warned customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability resides in the configuration utility component, it was reported by Michael Weber and Thomas Hendrickson of Praetorian on October 4, 2023. “This vulnerability may allow an unauthenticated…