Tag: rce
-
PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)
Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achiev… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/04/cve-2024-4358-cve-2024-1800-poc/
-
Zyxel issues emergency RCE patch for endlife NAS devices
Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-o… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zyxel-issues-emergency-rce-patch-for-end-of-life-nas-devices/
-
High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)
If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-se… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/03/cve-2024-21683-poc/
-
Experts released PoC exploit code for RCE in Fortinet SIEM
Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution. Security researchers at… First seen on securityaffairs.com Jump to article: securityaffairs.com/163797/hacking/fortinet-siem-critical-rce-poc.html
-
Critical Netflix Genie Bug Opens Big Data Orchestration to RCE
The severe security vulnerability (CVE-2024-4701, CVSS 9.9) gives remote attackers a way to burrow into Netflix’s Genie open source platform, which is… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/netflix-fixes-critical-vulnerability-on-big-data-orchestration-service
-
Exploit released for maximum severity Fortinet RCE bug, patch now
‹Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet’s security information and event… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-released-for-maximum-severity-fortinet-rce-bug-patch-now/
-
TP-Link fixes critical RCE bug in popular C5400X gaming router
The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on t… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/tp-link-fixes-critical-rce-bug-in-popular-c5400x-gaming-router/
-
Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms
An on-by-default endpoint in ubiquitous logging service Fluent Bit contains an oversight that hackers can toy with to rattle most any cloud environmen… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/critical-bug-dos-rce-data-leaks-in-all-major-cloud-platforms
-
AI-as-a-Service Platform Patches Critical RCE Vulnerability
Hackers Could Exploit Bug on Replicate to Steal Data, Manipulate AI Models. Attackers could have exploited a now-mitigated critical vulnerability in t… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ai-as-a-service-platform-patches-critical-rce-vulnerability-a-25324
-
Experts released PoC exploit code for RCE in QNAP QTS
Experts warn of fifteen vulnerabilities in the QNAP QTS, the operating system for the Taiwanese vendor’s NAS products. An audit of QNAP QTS conducted … First seen on securityaffairs.com Jump to article: securityaffairs.com/163470/hacking/fifteen-vulnerabilities-in-the-qnap-qts.html
-
PoC Exploit Released for QNAP QTS zero-day RCE Flaw
Researchers have shown a proof-of-concept (PoC) attack for a zero-day remote code execution (RCE) flaw in the QTS operating system from QNAP. Users of… First seen on gbhackers.com Jump to article: gbhackers.com/poc-exploit-released-2/
-
QNAP QTS zero-day in Share feature gets public RCE exploit
An extensive security audit of QNAP QTS, the operating system for the company’s NAS products, has uncovered fifteen vulnerabilities of varying severit… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/qnap-qts-zero-day-in-share-feature-gets-public-rce-exploit/
-
6K-plus AI models may be affected by critical RCE vulnerability
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/6k-plus-ai-models-may-be-affected-by-critical-rce-vulnerability
-
Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)
New versions of Git are out, with fixes for five vulnerabilities, the most critical (CVE-2024-32002) of which can be used by attackers to remotely exe… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/16/git-cve-2024-32002/
-
PoC Exploit Released For D-LINK RCE Zero-Day Vulnerability
Two critical vulnerabilities have been discovered in D-Link DIR-X4860 routers which were associated with Authentication bypass due to HNAP port and re… First seen on gbhackers.com Jump to article: gbhackers.com/d-link-rce-zero-day-exploit-released/
-
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by att… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/poc-exploit-released-for-rce-zero-day-in-d-link-exo-ax4800-routers/
-
Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE
First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/critical-bug-50k-tinyproxy-servers-dos-rce
-
Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks
HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote c… First seen on thehackernews.com Jump to article: thehackernews.com/2024/05/four-critical-vulnerabilities-expose.html
-
Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam fixes RCE flaw in backup management platform (… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/12/week-in-review-veeam-fixes-rce-flaw-in-backup-management-platform-patch-tuesday-forecast/
-
Apache OFBiz RCE Flaw Let Attackers Execute Malicious Code Remotely
Many businesses use enterprise resource planning (ERP) systems like Apache OFBiz. However, it has been found to have significant security holes that l… First seen on gbhackers.com Jump to article: gbhackers.com/apache-ofbiz-rce-flaw/
-
HPE Aruba Vulnerabilities: Prevent Systems From RCE Attacks
Recently, HPE Aruba Networking, formerly known as Aruba Networks, has encountered significant security challenges. Vulnerabilities in their ArubaOS, t… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/hpe-aruba-vulnerabilities-prevent-systems-from-rce-attacks/
-
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)
Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the pat… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/08/cve-2024-29212/
-
Widespread RCE compromise likely with critical TinyProxy bug
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/widespread-rce-compromise-likely-with-critical-tinyproxy-bug
-
Veeam RCE Flaws Let Hackers Gain Access To VSPC Servers
Veeam Service Provider console has been discovered with two critical vulnerabilities that were associated with Remote Code Execution. A CVE for these … First seen on gbhackers.com Jump to article: gbhackers.com/veeam-rce-flaws-vspc-servers/
-
Palo Alto Networks discloses RCE zero-day vulnerability
Tags: exploit, flaw, injection, network, rce, remote-code-execution, software, threat, vulnerability, zero-dayThreat actors have exploited the remote code injection flaw, which affects the GlobalProtect gateway in Palo Alto Networks’ PAN-OS software, in a ‘lim… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366580732/Palo-Alto-Networks-discloses-RCE-zero-day-vulnerability
-
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-50-000-tinyproxy-servers-vulnerable-to-critical-rce-flaw/
-
Bug hunters can get up to $450,000 for an RCE in Google’s Android apps
Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains. >>We increas… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/03/google-android-apps-vulnerabilities/
-
HPE Aruba Networking addressed four critical ArubaOS RCE flaws
HPE Aruba Networking addressed four critical remote code execution vulnerabilities impacting its ArubaOS network operating system. HPE Aruba Networkin… First seen on securityaffairs.com Jump to article: securityaffairs.com/162663/security/hpe-aruba-networking-critical-flaws.html
-
HPE Aruba Networking fixes four critical RCE flaws in ArubaOS
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple ver… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hpe-aruba-networking-fixes-four-critical-rce-flaws-in-arubaos/
-
Google now pays up to $450,000 for RCE bugs in some Android apps
Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, wi… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-now-pays-up-to-450-000-for-rce-bugs-in-some-android-apps/