Tag: rce
-
FYSA Critical RCE Flaw in GNU-Linux Systems
Summary A severe, unauthenticated remote code execution (RCE) flaw has been discovered in GNU Linux systems. The vulnerability, rated CVSS 9.9, affect… First seen on securityintelligence.com Jump to article: securityintelligence.com/news/fysa-critical-rce-flaw-in-gnu-linux-systems/
-
Millionen von Exim-Mailservern sind anfällig für Zero-DayAngriffe
Eine kritische Sicherheitslücke in der Software Exim Mail Transfer Agent bedroht Millionen von Servern weltweit, denn sie erlaubt Angreifern die Ausfü… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/millionen-von-exim-mailservern-sind-anfallig-fur-zero-day-rce-angriffe
-
[Updated] Log4Shell: Critical Severity Apache Log4j Remote Code Execution Being Actively Exploited (CVE-2021-44228 CVE-2021-45046)
Update December 17th, 2021: Log4j 2.15.0 Vulnerability Upgraded from Low to Critical Severity (CVSS 9.0) RCE possible in non-default configurations Th… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2021/12/10/log4shell-critical-severity-apache-log4j-remote-code-execution-being-actively-exploited-cve-2021-44228/
-
Critical VMware Authentication Bypass and RCE Vulnerabilities: CVE-2022-31656 and CVE-2022-31659
Proof-of-Concept (PoC) exploit recently released by security researchers. VMware recommends patching affected systems immediately. Executive Summary O… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2022/08/10/critical-vmware-authentication-bypass-and-rce-vulnerabilities-cve-2022-31656-and-cve-2022-31659/
-
SPNEGO NEGOEX: Critical Pre-Authentication RCE Vulnerability in Modern Microsoft Windows Operating Systems (CVE-2022-37958)
Written by Mark Stueck of the Kudelski Security Threat Detection & Research Team Summary On Tuesday, December 13th, Microsoft reclassified a previ… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2022/12/14/advisory-spnego-negoex-critical-pre-authentication-rce-vulnerability-in-modern-microsoft-windows-operating-systems-cve-2022-37958/
-
CVE-2023-27997 Pre-Authentication RCE on FortiGate SSL-VPN
Written by Harish Segar and Scott Emerson of the Kudelski Security Threat Detection & Research Team June 13th, update 2: Technical details of bug … First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/06/12/cve-2023-27997-fortigate-ssl-vpn/
-
F5 BIG-IP Unauthenticated RCE via HTTP Request Smuggling
Written by Scott Emerson of the Kudelski Security Threat Detection & Research Team Summary Researchers at Praetorian have discovered a request smu… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/10/27/f5-big-ip-unauthenticated-rce-via-http-request-smuggling/
-
CVE-2023-46604 Apache ActiveMQ RCE vulnerability
Written by Joshua Cartlidge of the Kudelski Security Threat Detection & Research Team Summary On October 25, 2023, Apache disclosed an ActiveMQ Re… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/11/03/cve-2023-46604-apache-activemq-rce-vulnerability/
-
Ivanti Connect Secure/Policy Secure CVE-2023-46805, CVE-2024-21887 Combine for Unauthenticated RCE, and following CVEs discovered over time
Written by the Kudelski Security Threat Detection & Research Team (updated on 2024.02.12 by Yann Lehmann) Summary Ivanti Connect Secure (ICS) and … First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2024/01/11/ivanti-connect-secure-policy-secure-cve-2023-46805-cve-2024-21887-combine-for-unauthenticated-rce/
-
Splunk Enterprise Multiple Vulnerabilities for RCE
Summary Splunk has disclosed several high-severity vulnerabilities in Splunk Enterprise and Splunk Cloud Platform, which allowattackers to execute rem… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2024/10/16/splunk-enterprise-multiple-vulnerabilities-for-rce/
-
FortiManager Critical CVE-2024-47575 >>FortiJump<< Allows RCE
Summary On October 23, 2024, Fortinet published an advisory for CVE-2024-47575, a critical-severity zero day affecting FortiManager. Missing authentic… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2024/10/25/fortimanager-critical-cve-2024-47575-fortijump-allows-rce/
-
Blind SSRF to RCE Vulnerability Exploitation
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/blind-ssrf-to-rce-vulnerability-exploitation
-
CVE-2024-3094: Malicious Code in XZ Utils Enables RCE on Linux Systems
A recent analysis has revealed that the malicious code embedded in the widely-used open-source library XZ Utils (present in multiple Linux distros) ca… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-3094-xz-utils-linux/
-
‘Tis the season for website cloning tools, RCEs and AI phishing lures
First seen on scworld.com Jump to article: www.scworld.com/news/tis-the-season-for-website-cloning-tools-rces-and-ai-phishing-lures
-
High severity RCE flaws among several newly addressed IBM bugs
First seen on scworld.com Jump to article: www.scworld.com/brief/high-severity-rce-flaws-among-several-newly-addressed-ibm-bugs
-
IBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOAR
IBM has released patches for two high-severity remote code execution vulnerabilities in Data Virtualization Manager and Security SOAR. The post IBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOAR appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ibm-patches-rce-vulnerabilities-in-data-virtualization-manager-security-soar/
-
7-Zip RCE Vulnerability Let Attackers Execute Remote Code
A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing attackers to execute arbitrary code remotely. The flaw, identified as CVE-2024-11477, has been attributed to an integer underflow in the Zstandard decompression implementation, which could lead to remote code execution (RCE). CVE-2024-11477 Vulnerability Details The vulnerability, CVE-2024-11477 discovered by […]…
-
Here’s Yet Another D-Link RCE That Won’t be Fixed
D-Licious: Stubborn network device maker digs in heels and tells you to buy new gear. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/d-link-router-critical-rce-sol-richixbw/
-
D-Link Warns of RCE Vulnerability in Legacy Routers
Six discontinued D-Link router models are affected by a remote code execution (RCE) vulnerability that will not be patched. The post D-Link Warns of RCE Vulnerability in Legacy Routers appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/d-link-warns-of-rce-vulnerability-in-legacy-routers/
-
D-Link urges users to retire VPN routers impacted by unfixed RCE flaw
D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/d-link-urges-users-to-retire-vpn-routers-impacted-by-unfixed-rce-flaw/
-
Microsoft SharePoint RCE flaw exploits in the wild you’ve had 3 months to patch
First seen on theregister.com Jump to article: www.theregister.com/2024/10/23/microsoft_sharepoint_rce_exploited/
-
Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble
If you didn’t fix this a month ago, your to-do list probably needs a reshuffle First seen on theregister.com Jump to article: www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/
-
Critical RCE bug in VMware vCenter Server now exploited in attacks
Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-rce-bug-in-vmware-vcenter-server-now-exploited-in-attacks/
-
VMware fixes critical RCE, makeroot bugs in vCenter – for the second time
First seen on theregister.com Jump to article: www.theregister.com/2024/10/22/vmware_rce_vcenter_bugs/
-
Sonatype Nexus Repository Manager Hit by RCE XSS Vulnerability
Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing two critical vulnerabilities affecting Nexus Repository 2.x OSS/Pro versions. These vulnerabilities, identified as CVE-2024-5082 and CVE-2024-5083, could potentially allow attackers to exploit the system through remote code execution (RCE) and cross-site scripting (XSS) attacks. All previous versions up to and including 2.15.1 are affected,…
-
Palo Alto Networks warns of critical RCE zero-day exploited in attacks
Palo Alto Networks is warning that a critical zero-day vulnerability on Next-Generation Firewalls (NGFW) management interfaces, currently tracked as ‘PAN-SA-2024-0015,’ is actively being exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-critical-rce-zero-day-exploited-in-attacks/
-
CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed
Tags: attack, cisa, cybersecurity, exploit, flaw, infrastructure, kev, network, rce, remote-code-execution, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition have come under active exploitation in the wild.To that, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by…
-
Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that coul… First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html
-
Citrix, watchTowr clash on new RCE-enabling Citrix Virtual Apps and Desktops flaws
First seen on scworld.com Jump to article: www.scworld.com/brief/citrix-watchtowr-clash-on-new-rce-enabling-citrix-virtual-apps-and-desktops-flaws
-
RCE intrusions likely with critical WPLMS WordPress theme issue
First seen on scworld.com Jump to article: www.scworld.com/brief/rce-intrusions-likely-with-critical-wplms-wordpress-theme-issue