Tag: rce
-
Splunk Enterprise Multiple Vulnerabilities for RCE
Summary Splunk has disclosed several high-severity vulnerabilities in Splunk Enterprise and Splunk Cloud Platform, which allowattackers to execute remote code on vulnerable systems. The vulnerabilities, First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2024/10/16/splunk-enterprise-multiple-vulnerabilities-for-rce/
-
pac4j Java Framework Vulnerable to RCE Attacks
A critical security vulnerability has been discovered in the popular Java framework pac4j. The vulnerability specifically affects versions before 4.0 of the pac4j-core module. This vulnerability, identified as CVE-2023-25581, exposes systems to potential remote code execution (RCE) attacks due to a flaw in the deserialization process. Vulnerability Details CVE-2023-25581 The issue stems from a […]…
-
Critical Veeam RCE leveraged in Akira, Fog ransomware attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/critical-veeam-rce-leveraged-in-akira-fog-ransomware-attacks
-
Akira, Fog Ransomware Leverages Critical Veeam RCE
First seen on scworld.com Jump to article: www.scworld.com/brief/akira-fog-ransomware-leverages-critical-veeam-rce
-
Akira and Fog ransomware now exploit critical Veeam RCE flaw
Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/akira-and-fog-ransomware-now-exploiting-critical-veeam-rce-flaw/
-
Patch Tuesday: Microsoft Fixes Management Console RCE Zero-Day
First seen on scworld.com Jump to article: www.scworld.com/brief/patch-tuesday-microsoft-fixes-management-console-rce-zero-day
-
CISA says critical Fortinet RCE flaw now exploited in attacks
Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-says-critical-fortinet-rce-flaw-now-exploited-in-attacks/
-
New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/software/new-scanner-finds-linux-unix-servers-exposed-to-cups-rce-attacks/
-
Apache Avro SDK Flaw Could Enable Java Apps RCE
First seen on scworld.com Jump to article: www.scworld.com/brief/apache-avro-sdk-flaw-could-enable-java-apps-rce
-
RCE in Java apps likely with critical Apache Avro SDK vulnerability
First seen on scworld.com Jump to article: www.scworld.com/brief/rce-in-java-apps-likely-with-critical-apache-avro-sdk-vulnerability
-
Critical Apache Avro SDK RCE flaw impacts Java applications
A critical vulnerability in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances. A critical vulnerability, tracked as CVE-2024-47561, in the Apache Avro Java Software Development Kit (SDK) could allow the execution of arbitrary code on vulnerable instances. The flaw, tracked as CVE-2024-47561, impacts all versions of…
-
RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files
The researcher investigated the potential security risks associated with debugging dump files in Visual Studio by focusing on vulnerabilities that could be exploited without relying on memory corruption or specific PDB file components. After analyzing various libraries used during debug sessions, they discovered a method to execute arbitrary code when debugging managed dump files, which…
-
Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled October arrived, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/06/week-in-review-critical-zimbra-rce-vulnerability-exploited-patch-tuesday-forecast/
-
14 DrayTek vulnerabilities patched, including max-severity RCE flaw
First seen on scworld.com Jump to article: www.scworld.com/news/14-draytek-vulnerabilities-patched-including-max-severity-rce-flaw
-
Zimbra email platform under active attack, RCE possible
First seen on scworld.com Jump to article: www.scworld.com/news/zimbra-email-platform-under-active-attack-rce-possible
-
14 DrayTek Vulns Patched, Including RCE Flaw
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36424/14-DrayTek-Vulns-Patched-Including-RCE-Flaw.html
-
Critical Ivanti RCE flaw with public exploit now used in attacks
Tags: attack, cisa, endpoint, exploit, flaw, ivanti, rce, remote-code-execution, threat, vulnerabilityCISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-ivanti-rce-flaw-with-public-exploit-now-used-in-attacks/
-
Network switch RCE flaw impacts critical infrastructure
U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-network-switch-rce-flaw-impacts-critical-infrastructure/
-
Critical Zimbra RCE flaw exploited to backdoor servers using emails
Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply by sending specially crafted emails to the SMTP server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-exploited-to-backdoor-servers-using-emails/
-
Critical Zimbra RCE flaw actively exploited to take over servers
Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply by sending specially crafted emails to the SMTP server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-actively-exploited-to-take-over-servers/
-
Zimbra Mail Servers Under Siege Through RCE Vuln
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36417/Zimbra-Mail-Servers-Under-Siege-Through-RCE-Vuln.html
-
‘Patch yesterday’: Zimbra mail servers under siege through RCE vuln
Attacks began the day after public disclosure First seen on theregister.com Jump to article: www.theregister.com/2024/10/02/mass_exploitation_of_zimbra_rce/
-
Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)
Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/02/cve-2024-45519-exploited/
-
Zimbra RCE Vuln Under Attack Needs Immediate Patching
The bug gives attackers a way to run arbitrary code on affected servers and take control of them. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/recent-zimbra-rce-under-attack-patch-now
-
Arc browser launches bug bounty program after fixing RCE bug
The Browser Company has introduced an Arc Bug Bounty Program to encourage security researchers to report vulnerabilities to the project and receive rewards. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/arc-browser-launches-bug-bounty-program-after-fixing-rce-bug/
-
Vulnerability Recap 10/01/24 NVIDIA, Ivanti Newcomer Kia See Issues
This week’s vulnerabilities include an RCE flaw for vehicle manufacturer Kia, as well as issues for Ivanti, NVIDIA, Linux, and Microsoft. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/vulnerability-recap-october-01-2024/
-
Critical RCE Vulnerabilities Found in Common Unix Printing System
The newly identified vulnerabilities exploit improper input validation when managing printer requests over the network First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rce-vulnerabilities-cups/
-
Linux/Unix RCE-Schwachstellen im CUPS (Sept. 2024)
Im Drucksystems CUPS, welches unter Linux und Unix zum Einsatz kommt, gibt es gleich mehrere kritische Schwachstellen. Diese lassen sich unter bestimmten Konstellationen für Remote Code Execution-Angriffe (RCE) verwenden. Was ist CUPS? Das Kürzel CUPS steht für Common Unix Printing System. … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/09/28/linux-unix-rce-schwachstellen-im-cups-sept-2024/
-
CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE
After much hyping and following prematurely leaked information by a third party, security researcher Simone Margaritelli has released details about four zero-day … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/27/cups-vulnerabilities/
-
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities
Frequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26. Background The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a series of vulnerabilities in the Common UNIX Printing System (CUPS). We will update this blog…