Tag: rce
-
Microsoft urges customers to fix zero-click Windows RCE in the TCP/IP stack
by
in SecurityNewsMicrosoft addressed a critical zero-click Windows remote code execution (RCE) in the TCP/IP stack that impacts all systems with IPv6 enabled. Microsof… First seen on securityaffairs.com Jump to article: securityaffairs.com/167117/hacking/windows-rce-tcp-ip.html
-
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
by
in SecurityNewsMicrosoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitat… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled-patch-now/
-
SolarWinds addressed a critical RCE in all Web Help Desk versions
by
in SecurityNewsSolarWinds addressed a critical remote code execution vulnerability in its Web Help Desk solutionfor customer support. SolarWinds fixed a critical vul… First seen on securityaffairs.com Jump to article: securityaffairs.com/167031/security/solarwinds-addressed-rce-whd.html
-
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
by
in SecurityNewsA critical vulnerability in SolarWinds’ Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bug-affecting-all-web-help-desk-versions/
-
0-Click Outlook RCE Vulnerability Triggered When Email is Clicked Technical Analysis
by
in SecurityNewsNetSPI discovered that Microsoft Outlook is vulnerable to authenticated remote code execution (CVE-2024-21378) due to improper validation of synchroni… First seen on gbhackers.com Jump to article: gbhackers.com/0-click-outlook-rce-vulnerability/
-
RCE likely with exploitation of several now-addressed Google Quick Share bugs
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rce-likely-with-exploitation-of-several-now-addressed-google-quick-share-bugs
-
FreeBSD releases new patch for regreSSHion-related RCE flaw
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/news/freebsd-releases-new-patch-for-regresshion-related-rce-flaw
-
RCE, privilege escalation likely with chained OpenVPN flaws
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rce-privilege-escalation-likely-with-chained-openvpn-flaws
-
Microsoft found OpenVPN bugs that can be chained to achieve RCE and LPE
by
in SecurityNewsMicrosoft found four bugs in OpenVPN that could be chained to achieve remote code execution and local privilege escalation. During the Black Hat USA 2… First seen on securityaffairs.com Jump to article: securityaffairs.com/166912/hacking/openvpn-rce-lpe.html
-
CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz
by
in SecurityNewsIntroductionOn August 5, 2024, researchers at SonicWall discovered a zero-day security flaw in Apache OFBiz tracked as CVE-2024-38856. The vulnerabili… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/cve-2024-38856-pre-auth-rce-vulnerability-in-apache-ofbiz/
-
Critical Apache OfBiz Vulnerability Allows Preauth RCE
by
in SecurityNewsThe enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide a… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/critical-apache-ofbiz-vulnerability-allows-preauth-rce
-
QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share
by
in SecurityNewsSee how a SafeBreach Labs researcher bypassed the anti-tampering mechanism of a leading EDR to execute malicious code within one of the EDR’s own proc… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/quickshell-sharing-is-caring-about-an-rce-attack-chain-on-quick-share/
-
Cisco warns of critical RCE zero-days in end of life IP phones
by
in SecurityNewsCisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-critical-rce-zero-days-in-end-of-life-ip-phones/
-
Critical Jenkins Vulnerabilities Expose Servers To RCE Attack
by
in SecurityNewsJenkins, an open source automation server, has been found to have two security issues, one of which is a critical flaw that, if exploited, might lead … First seen on gbhackers.com Jump to article: gbhackers.com/critical-jenkins-vulnerabilities/
-
CISA warns about actively exploited Apache OFBiz RCE flaw
by
in SecurityNews
Tags: apache, attack, cisa, cybersecurity, exploit, flaw, infrastructure, rce, remote-code-execution, vulnerabilityThe U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting A… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-about-actively-exploited-apache-ofbiz-rce-flaw/
-
RCE possible with critical Apache OFBiz zero-day
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rce-possible-with-critical-apache-ofbiz-zero-day
-
Critical Progress WhatsUp RCE flaw now under active exploitation
by
in SecurityNewsThreat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for in… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-progress-whatsup-rce-flaw-now-under-active-exploitation/
-
Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault
by
in SecurityNewsSamsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenar… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/samsung-to-pay-1-000-000-for-rces-on-galaxys-secure-vault/
-
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)
by
in SecurityNewsCVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthentic… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/05/cve-2024-38856/
-
PatchNow: ServiceNow Critical RCE Bugs Under Active Exploit
by
in SecurityNewsFirst seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
-
Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
by
in SecurityNewsProgress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as p… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/26/cve-2024-6327/
-
Attacks exploiting critical ServiceNow RCE bugs underway
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/attacks-exploiting-critical-servicenow-rce-bugs-underway
-
Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server
by
in SecurityNewsProgress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Ser… First seen on securityaffairs.com Jump to article: securityaffairs.com/166168/security/telerik-report-server-cve-2024-6327.html
-
Critical ServiceNow RCE flaws actively exploited to steal credentials
by
in SecurityNews
Tags: breach, credentials, data, exploit, flaw, government, rce, remote-code-execution, theft, threatThreat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft a… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-servicenow-rce-flaws-actively-exploited-to-steal-credentials/
-
Progress warns of critical RCE bug in Telerik Report Server
by
in SecurityNewsProgress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compro… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/progress-warns-of-critical-rce-bug-in-telerik-report-server/
-
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Kn… First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/cisa-warns-of-actively-exploited-rce.html
-
Hackers are actively exploiting PHP RCE vulnerability (CVE-2024-4577)
by
in SecurityNewsA critical vulnerability in PHP, designated CVE-2024-4577, has become a prime target for cybercriminals within a day of its public disclosure in June … First seen on securityonline.info Jump to article: securityonline.info/hackers-are-actively-exploiting-php-rce-vulnerability-cve-2024-4577/
-
RCE flaw and DNS zero-day top list of Patch Tuesday bugs
by
in SecurityNews
Tags: authentication, dns, flaw, microsoft, rce, remote-code-execution, update, vulnerability, zero-dayAn RCE vulnerability in a Microsoft messaging feature and a third-party flaw in a DNS authentication protocol are the most pressing issues to address … First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366588458/RCE-flaw-and-DNS-zero-day-top-list-of-Patch-Tuesday-bugs
-
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks
by
in SecurityNewsFirst seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-critical-geoserver-geotools-rce-flaw-is-exploited-in-attacks/