Tag: rce
-
FreeBSD releases new patch for regreSSHion-related RCE flaw
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/freebsd-releases-new-patch-for-regresshion-related-rce-flaw
-
RCE, privilege escalation likely with chained OpenVPN flaws
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rce-privilege-escalation-likely-with-chained-openvpn-flaws
-
Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE
Microsoft found four bugs in OpenVPN that could be chained to achieve remote code execution and local privilege escalation. During the Black Hat USA 2… First seen on securityaffairs.com Jump to article: securityaffairs.com/166912/hacking/openvpn-rce-lpe.html
-
CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz
On August 5, 2024, researchers at SonicWall discovered a zero-day security flaw in Apache OFBiz tracked as CVE-2024-38856. The vulnerabili… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/cve-2024-38856-pre-auth-rce-vulnerability-in-apache-ofbiz/
-
Critical Apache OfBiz Vulnerability Allows Preauth RCE
The enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide a… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/critical-apache-ofbiz-vulnerability-allows-preauth-rce
-
QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share
See how a SafeBreach Labs researcher bypassed the anti-tampering mechanism of a leading EDR to execute malicious code within one of the EDR’s own proc… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/quickshell-sharing-is-caring-about-an-rce-attack-chain-on-quick-share/
-
Cisco warns of critical RCE zero-days in end of life IP phones
Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-critical-rce-zero-days-in-end-of-life-ip-phones/
-
Critical Jenkins Vulnerabilities Expose Servers To RCE Attack
Jenkins, an open source automation server, has been found to have two security issues, one of which is a critical flaw that, if exploited, might lead … First seen on gbhackers.com Jump to article: gbhackers.com/critical-jenkins-vulnerabilities/
-
CISA warns about actively exploited Apache OFBiz RCE flaw
Tags: apache, attack, cisa, cybersecurity, exploit, flaw, infrastructure, rce, remote-code-execution, vulnerability
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting A… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-about-actively-exploited-apache-ofbiz-rce-flaw/
-
RCE possible with critical Apache OFBiz zero-day
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rce-possible-with-critical-apache-ofbiz-zero-day
-
Critical Progress WhatsUp RCE flaw now under active exploitation
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for in… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-progress-whatsup-rce-flaw-now-under-active-exploitation/
-
Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault
Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenar… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/samsung-to-pay-1-000-000-for-rces-on-galaxys-secure-vault/
-
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)
CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthentic… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/05/cve-2024-38856/
-
PatchNow: ServiceNow Critical RCE Bugs Under Active Exploit
First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
-
Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as p… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/26/cve-2024-6327/
-
Attacks exploiting critical ServiceNow RCE bugs underway
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/attacks-exploiting-critical-servicenow-rce-bugs-underway
-
Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server
Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Ser… First seen on securityaffairs.com Jump to article: securityaffairs.com/166168/security/telerik-report-server-cve-2024-6327.html
-
Critical ServiceNow RCE flaws actively exploited to steal credentials
Tags: breach, credentials, data, exploit, flaw, government, rce, remote-code-execution, theft, threat
Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft a… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-servicenow-rce-flaws-actively-exploited-to-steal-credentials/
-
Progress warns of critical RCE bug in Telerik Report Server
Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compro… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/progress-warns-of-critical-rce-bug-in-telerik-report-server/
-
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Kn… First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/cisa-warns-of-actively-exploited-rce.html
-
Hackers are actively exploiting PHP RCE vulnerability (CVE-2024-4577)
A critical vulnerability in PHP, designated CVE-2024-4577, has become a prime target for cybercriminals within a day of its public disclosure in June … First seen on securityonline.info Jump to article: securityonline.info/hackers-are-actively-exploiting-php-rce-vulnerability-cve-2024-4577/
-
RCE flaw and DNS zero-day top list of Patch Tuesday bugs
Tags: authentication, dns, flaw, microsoft, rce, remote-code-execution, update, vulnerability, zero-day
An RCE vulnerability in a Microsoft messaging feature and a third-party flaw in a DNS authentication protocol are the most pressing issues to address … First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366588458/RCE-flaw-and-DNS-zero-day-top-list-of-Patch-Tuesday-bugs
-
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-critical-geoserver-geotools-rce-flaw-is-exploited-in-attacks/
-
Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-outlook-zero-click-rce/
-
PHP bug executes RCEs, cryptominers and DDoS attacks
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/php-bug-executes-rces-cryptominers-and-ddos-attacks
-
Active exploitation of Ghostscript RCE underway
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/active-exploitation-of-ghostscript-rce-underway
-
New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems
OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with… First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html
-
Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code executio… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/prompt-injection-flaw-in-vanna-ai.html
-
RCE bug in widely used Ghostscript library now exploited in attacks
A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in at… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/rce-bug-in-widely-used-ghostscript-library-now-exploited-in-attacks/
-
Vanna AI Prompt Injection Vulnerability Enables RCE
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36048/Vanna-AI-Prompt-Injection-Vulnerability-Enables-RCE.html

