Lucene search
K

938 matches found

The Hacker News
The Hacker News
added 2024/09/19 5:7 a.m.34 views

GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions

GitLab has released patches to address a critical flaw impacting Community Edition CE and Enterprise Edition EE that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library CVE-2024-45409, CVSS score: 10.0, which could allow an attacker to log in as an...

10CVSS7.7AI score0.9921EPSS
Exploits14
HackRead
HackRead
added 2024/09/13 3:58 p.m.14 views

New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via Telegram

A new Android malware called Trojan Ajina.Banker is targeting Central Asia - Discover how this malicious malware disguises…...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/09/12 4:12 p.m.16 views

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram

Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2023 with the goal of harvesting financial information and intercepting two-factor authentication 2FA messages. Singapore-headquartered Group-IB, which...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/09/12 4:57 a.m.23 views

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication 2FA mandatorily. The enforcement is expected to come into effect starting October 1, 2024. "Accounts with commit access can pu...

7.6AI score
Exploits0
HackRead
HackRead
added 2024/09/05 4:55 p.m.5 views

WordPress Mandates 2FA, SVN Passwords for Plugin, Theme Authors

Starting October 2024, WordPress requires plugin and theme authors to enable two-factor authentication 2FA and use SVN-specific passwords…...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/08/28 6:49 a.m.19 views

New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials

Cybersecurity researchers are calling attention to a new QR code phishing aka quishing campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse of legitimate cloud offerings for malicious purposes. "By using legitimate cloud applications, attacke...

7.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/08/23 12:0 a.m.21 views

Siemens SCALANCE M-800, RUGGEDCOM RM1224 Insertion of Sensitive Information Into Log File (CVE-2024-41978)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.1, SCALANCE M812-1 ADSL- Router family All versions V8.1, SCALANCE M816-1...

7.1CVSS5.4AI score0.00488EPSS
Exploits0References3
Hacker One
Hacker One
added 2024/08/22 2:0 p.m.81 views

GitLab: Login email verification bypass via `/oauth/token`.

Vulnerability description not provided...

7.1AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/08/14 11:57 a.m.17 views

CVE-2024-39398 OTP 2FA can be bruteforced

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and...

7.4CVSS7.5AI score0.00751EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/14 11:57 a.m.23 views

CVE-2024-39398 OTP 2FA can be bruteforced

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to perform brute force attacks and...

7.4CVSS0.00751EPSS
Exploits0References1
NVD
NVD
added 2024/08/13 8:15 a.m.24 views

CVE-2024-41978

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.1, SCALANCE M812-1 ADSL-Router family All versions V8.1, SCALANCE M816-1...

7.1CVSS0.00488EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/13 7:54 a.m.15 views

CVE-2024-41978

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.1, SCALANCE M812-1 ADSL-Router family All versions V8.1, SCALANCE M816-1...

7.1CVSS6.2AI score0.00488EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/13 7:54 a.m.29 views

CVE-2024-41978

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.1, SCALANCE M812-1 ADSL-Router family All versions V8.1, SCALANCE M816-1...

7.1CVSS0.00488EPSS
Exploits0References1
CVE
CVE
added 2024/08/13 7:54 a.m.63 views

CVE-2024-41978

CVE-2024-41978 affects Siemens SCALANCE M-800 family and RUGGEDCOM RM1224 devices (and related models) where 2FA token generation data is logged. Root cause: insertion of sensitive information about 2FA token generation into log files on affected devices. Impact: authenticated remote attackers co...

7.1CVSS6.5AI score0.00488EPSS
Exploits0References1Affected Software1
ICS
ICS
added 2024/08/13 12:0 a.m.43 views

Siemens SCALANCE M-800, RUGGEDCOM RM1224

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.8CVSS8.4AI score0.01001EPSS
Exploits0References10
NVD
NVD
added 2024/08/05 8:15 p.m.24 views

CVE-2024-41958

mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication 2FA mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwi...

7.2CVSS0.01027EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/08/05 7:59 p.m.39 views

CVE-2024-41958 Two-Factor Authentication (2FA) Bypass in mailcow: dockerized

mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication 2FA mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwi...

6.6CVSS0.01027EPSS
Exploits1References2
OSV
OSV
added 2024/08/05 7:59 p.m.20 views

CVE-2024-41958 Two-Factor Authentication (2FA) Bypass in mailcow: dockerized

mailcow: dockerized is an open source groupware/email suite based on docker. A vulnerability has been discovered in the two-factor authentication 2FA mechanism. This flaw allows an authenticated attacker to bypass the 2FA protection, enabling unauthorized access to other accounts that are otherwi...

6.6CVSS7.1AI score0.01027EPSS
Exploits1References4
CVE
CVE
added 2024/08/05 7:59 p.m.45 views

CVE-2024-41958

CVE-2024-41958 affects mailcow: dockerized. An authenticated attacker who has access to a user account and knows a target account’s credentials (with 2FA enabled) can bypass the 2FA protection and access the protected account. Affected: mailcow: dockerized (versions prior to 2024-07). Root cause:...

7.2CVSS6.7AI score0.01027EPSS
Exploits1References2Affected Software1
Rosalinux
Rosalinux
added 2024/07/23 11:31 a.m.19 views

Advisory ROSA-SA-2024-2456

Software: selinux-policy 3.14.3 OS: ROSA Virtualization 2.1 packageevrstring: selinux-policy-3.14.3 CVE-ID: CVE-2020-24612 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A problem was detected in the selinux-policy package because the .config/Yubico directory is not handled correctly. Consequently, whe...

6.7CVSS7.3AI score0.00317EPSS
Exploits0
Rows per page
Query Builder