9 matches found
CVE-2022-27924
Zimbra Collaboration aka ZCS 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries...
Imperva Defends Against Targeted Exploits Used By APT29 Hackers
Recently, U.S. and U.K. cyber agencies have warned of a renewed wave of attacks led by Russian APT29 hackers. These sophisticated threat actors have been actively exploiting vulnerabilities in Zimbra Collaboration Suite and JetBrains TeamCity, specifically CVE-2022-27924 and CVE-2023-42793, to...
CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance
The U.S. Cybersecurity and Infrastructure Security Agency CISA is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager LTM module to conduct reconnaissance of target networks. It said the module is being used to...
CVE-2022-27924
creationtimestamp| type| source ---|---|--- 2023-06-14 21:10:04+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-12-03 23:25:04+00:00| seen| https://t.me/arpsyndicate/1056 2024-12-24 20:32:39+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/2971675 2025-02-23 02:10:36+00:00|...
CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924 CVSS score:...
VulnCheck KEV: CVE-2022-27924
Synacor Zimbra Collaboration Suite ZCS allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries...
Zimbra Collaboration CRLF Injection (CVE-2022-27924)
A CRLF injection vulnerability exists in Zimbra Collaboration. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials
A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially...
CVE-2022-27924
CVE-2022-27924 affects Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0, allowing an unauthenticated attacker to inject arbitrary memcache commands into a targeted ZCS instance, with those commands becoming unescaped and enabling overwriting of arbitrary cached entries and extraction of credential...