Tag: rce
-
Critical RCE bug in VMware vCenter Server now exploited in attacks
Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-rce-bug-in-vmware-vcenter-server-now-exploited-in-attacks/
-
VMware fixes critical RCE, makeroot bugs in vCenter – for the second time
First seen on theregister.com Jump to article: www.theregister.com/2024/10/22/vmware_rce_vcenter_bugs/
-
Sonatype Nexus Repository Manager Hit by RCE XSS Vulnerability
Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing two critical vulnerabilities affecting Nexus Repository 2.x OSS/Pro versions. These vulnerabilities, identified as CVE-2024-5082 and CVE-2024-5083, could potentially allow attackers to exploit the system through remote code execution (RCE) and cross-site scripting (XSS) attacks. All previous versions up to and including 2.15.1 are affected,…
-
Palo Alto Networks warns of critical RCE zero-day exploited in attacks
Palo Alto Networks is warning that a critical zero-day vulnerability on Next-Generation Firewalls (NGFW) management interfaces, currently tracked as ‘PAN-SA-2024-0015,’ is actively being exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-critical-rce-zero-day-exploited-in-attacks/
-
CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed
Tags: attack, cisa, cybersecurity, exploit, flaw, infrastructure, kev, network, rce, remote-code-execution, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition have come under active exploitation in the wild.To that, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by…
-
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that coul… First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html
-
Citrix, watchTowr clash on new RCE-enabling Citrix Virtual Apps and Desktops flaws
First seen on scworld.com Jump to article: www.scworld.com/brief/citrix-watchtowr-clash-on-new-rce-enabling-citrix-virtual-apps-and-desktops-flaws
-
RCE intrusions likely with critical WPLMS WordPress theme issue
First seen on scworld.com Jump to article: www.scworld.com/brief/rce-intrusions-likely-with-critical-wplms-wordpress-theme-issue
-
These 20 D-Link Devices Have Critical RCE Bug, but NO Patch NEVER
‘Bobby’ flaw flagged WONTFIX: Company doesn’t make storage devices now; has zero interest in fixing this catastrophic vulnerability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/d-link-nas-wont-fix-richixbw/
-
Vulnerability Recap 10/28/24 Phishing, DoS, RCE a Zero-Day
First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/vulnerability-recap-october-28-2024/
-
Citrix ‘Recording Manager’ Zero-Day Bug Allows Unauthenticated RCE
The security vulnerability is due to an exposed Microsoft Message Queuing (MSMQ) instance and the use of the insecure BinaryFormatter. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/citrix-recording-manager-zero-day-bug-unauthenticated-rce
-
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE)The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream…
-
New Citrix Zero-Day Vulnerability Allows Remote Code Execution
watchTowr has found a flaw in Citrix’s Session Recording Manager that can be exploited to enable unauthenticated RCE against Citrix Virtual Apps and Desktops First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/new-citrix-zeroday-vulnerability/
-
DEF CON 32 Outlook Unleashing RCE Chaos CVE 2024 30103
Authors/Presenters: Michael Gorelik, Arnold Osipov Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/def-con-32-outlook-unleashing-rce-chaos-cve-2024-30103/
-
Palo Alto Networks Addresses Remote Code Execution Vulnerability Claims
Palo Alto Networks has issued an advisory urging customers to take action in response to claims of an RCE vulnerability in PAN-OS. The post Palo Alto Networks Addresses Remote Code Execution Vulnerability Claims appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/palo-alto-networks-addresses-remote-code-execution-vulnerability-claims/
-
Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns
Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability.”Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface,” the company said. “At this time, we…
-
Critical Veeam RCE bug now used in Frag ransomware attacks
After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-veeam-rce-bug-now-used-in-frag-ransomware-attacks/
-
Palo Alto Networks warns of potential RCE in PAN-OS management interface
Palo Alto Networks warns customers to restrict access to their next-generation firewalls because of a potential RCE flaw in the PAN-OS management interface. Palo Alto Networks warns customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability in PAN-OS. The cybersecurity company has no further details on…
-
Palo Alto Networks warns of potential PAN-OS RCE vulnerability
Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-potential-pan-os-rce-vulnerability/
-
DEF CON 32 QuickShell Sharing Is Caring About RCE Attack Chain On QuickShare Or Yair, Shmuel Cohen
Authors/Presenters: Or Yair, Shmuel Cohen Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/def-con-32-quickshell-sharing-is-caring-about-rce-attack-chain-on-quickshare-or-yair-shmuel-cohen/
-
HPE warns of critical RCE flaws in Aruba Networking access points
Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hpe-warns-of-critical-rce-flaws-in-aruba-networking-access-points/
-
Microsoft SharePoint RCE bug exploited to breach corporate network
Tags: breach, corporate, cve, exploit, microsoft, network, rce, remote-code-execution, vulnerabilityA recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial acces… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-sharepoint-rce-bug-exploited-to-breach-corporate-network/
-
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution.T… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html
-
Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Fortinet releases patches for publicly undisclosed c… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/27/week-in-review-fortinet-patches-critical-fortimanager-0-day-vmware-fixes-vcenter-server-rce/
-
VMware fixes critical vCenter Server RCE bug again! (CVE-2024-38812)
Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fu… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/22/cve-2024-38812-cve-2024-38813-fixed-again/
-
VMware patching of identified vCenter RCE hits snag
First seen on scworld.com Jump to article: www.scworld.com/brief/vmware-patching-of-identified-vcenter-rce-hits-snag
-
‘Patch yesterday’: Zimbra mail servers under siege through RCE vuln
First seen on theregister.com Jump to article: www.theregister.com/2024/10/02/mass_exploitation_of_zimbra_rce/
-
VMware fixes bad patch for critical vCenter Server RCE flaw
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not corr… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vmware-fixes-bad-patch-for-critical-vcenter-server-rce-flaw/
-
FortiJump: Yet Another Critical Fortinet 0-Day RCE
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/fortinet-fortijump-0day-richixbw/