Aug 09, 2024Ravie LakshmananVulnerability / Network Security Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE). "This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in … [Read more...] about Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE
RCE
Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
Mar 18, 2024NewsroomVulnerability / Threat Mitigation Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory … [Read more...] about Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
Jan 13, 2024NewsroomVulnerability / Network Security Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. "An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX … [Read more...] about Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
Insecure Default Configuration Exposes Servers to RCE Attacks
Apr 26, 2023Ravie LakshmananServer Security / Vulnerability The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a … [Read more...] about Insecure Default Configuration Exposes Servers to RCE Attacks
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite
A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned CVE-2022-41352, carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions … [Read more...] about Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite
Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released
Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers' network. The issue, tracked as CVE-2022-3236 (CVSS score: 9.8), impacts Sophos Firewall v19.0 MR1 (19.0.1) and older and concerns a code injection vulnerability in the User … [Read more...] about Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released
High-Severity RCE Vulnerability Reported in Popular Fastjson Library
Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called "AutoType." It was patched by the project … [Read more...] about High-Severity RCE Vulnerability Reported in Popular Fastjson Library
Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel
Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could "allow an attacker to execute arbitrary code in the context of the … [Read more...] about Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel
Researchers Report Critical RCE Vulnerability in Google’s VirusTotal Platform
Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE). The flaw, now patched, made it possible to "execute commands remotely within VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and Marlon Fabiano da … [Read more...] about Researchers Report Critical RCE Vulnerability in Google’s VirusTotal Platform
Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console
Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the " first critical issue published since Log4Shell, on a component other than Log4j, that exploits the same root cause of the … [Read more...] about Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console