Threats & Malware, Vulnerabilities
February 6, 2024
Via: The Register
Fortinet’s FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution. Both CVE-2024-23108 and CVE-2024-23109 have been assigned provisional scores of 10 on the CVSS scale, suggesting exploits can be carried out remotely by […]
Threats & Malware, Vulnerabilities
December 19, 2023
Via: The Register
Four vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched “immediately,” according to Microsoft, which spotted the flaws and disclosed them to the software vendor. Perforce Server is a source code management platform […]
Threats & Malware, Vulnerabilities
December 6, 2023
Via: The Register
Atlassian has emailed its customers to warn of four critical vulnerabilities, but the message had flaws of its own – the links it contained weren’t live for all readers at the time of despatch. The email, seen by The Register, […]
Threats & Malware, Vulnerabilities
December 6, 2023
Via: The Register
A security vulnerability previously added to CISA’s Known Exploited Vulnerability catalog (KEV), which was recognized by CVE Numbering Authorities (CNA), and included in reputable threat reports is now being formally rejected by infosec organizations. CISA removed CVE-2022-28958 from its KEV […]
Threats & Malware, Vulnerabilities
November 27, 2023
Via: Help Net Security
A proof-of-concept (PoC) exploit for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that can lead to remote code execution has been made public. Users are advised to implement the provided patches or workarounds quickly. About CVE-2023-46214 Splunk Enterprise is a […]
Threats & Malware, Vulnerabilities
October 13, 2023
Via: The Register
Perceived weaknesses in the security of Microsoft’s Visual Studio IDE are being raised once again this week with a fresh single-click exploit. Developed by Zhiniang Peng, principal security researcher and chief architect of security at Sangfor, the proof of concept […]
Threats & Malware, Vulnerabilities
September 7, 2023
Via: The Hacker News
Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible […]
Threats & Malware, Vulnerabilities
September 6, 2023
Via: The Hacker News
Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). “The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation,” Nozomi […]
July 20, 2023
Via: The Hacker News
If it seems like Remote Desktop Protocol (RDP) has been around forever, it’s because it has (at least compared to the many technologies that rise and fall within just a few years). The initial version, known as “Remote Desktop Protocol […]
Threats & Malware, Vulnerabilities
June 28, 2023
Via: The Hacker News
Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. “These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements,” SonarSource researcher Thomas […]
Threats & Malware, Virus & Malware
February 7, 2023
Via: Dark Reading
A global ransomware attack on VMware ESXi hypervisors is expanding, according to multiple government agencies and researchers, having already infected thousands of targets. The attack, first flagged late Feb. 3 by the French Computer Emergency Response Team (CERT-FR), has already […]
Threats & Malware, Vulnerabilities
November 15, 2022
Via: Help Net Security
A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is Backstage? Having more than 19,000 stars on GitHub, Backstage is one […]
Mobile, Threats & Malware, Vulnerabilities, Wireless security
August 2, 2022
Via: Security Week
The critical vulnerability is tracked as CVE-2022-20345 and it affects the System component. It has been patched with Android 12 and 12L updates. According to Google, an attacker does not require additional execution privileges to remotely execute arbitrary code over […]
Threats & Malware, Vulnerabilities
February 10, 2022
Via: Security Week
With more than 30,000 downloads, the PHP Everywhere plugin is an open-source plugin designed to enable PHP code everywhere in the WordPress installation. The latest PHP Everywhere iteration was released last month with patches for three critical vulnerabilities (CVSS score […]
Threats & Malware, Vulnerabilities
January 7, 2022
Via: The Hacker News
Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j “Log4Shell” vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the ” […]
Threats & Malware, Vulnerabilities
April 20, 2021
Via: Security Affairs
Security experts from Cisco Talos have found two remote code execution (RCE) vulnerabilities in the Cosori Smart Air Fryer. The Cosori Smart Air Fryer is an appliance with smart capabilities that cooks food with a variety of methods and settings. […]
Threats & Malware, Vulnerabilities
November 19, 2020
Via: Security Week
The vulnerability, tracked as CVE-2020-13671, has been classified as critical, but it’s worth mentioning that Drupal uses the NIST Common Misuse Scoring System, which assigns vulnerabilities a score ranging between 0 and 25, with “critical” being only the second highest […]
Threats & Malware, Vulnerabilities
November 3, 2020
Via: Security Affairs
Google has released Chrome 86.0.4240.183 for Windows, Mac, and Linux that addresses ten security vulnerabilities including a remote code execution (RCE) zero-day (CVE-2020-16009) exploited by threat actors in the wild. The RCE is an inappropriate implementation in V8, which is […]
Threats & Malware, Vulnerabilities
July 16, 2020
Via: Security Affairs
Cisco has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices. An attacker could exploit the vulnerabilities to completely take over the network devices. Cisco also addressed […]
Threats & Malware, Vulnerabilities
August 28, 2018
Via: Hot for Security
A critical remote code execution vulnerability in a Facebook server was recently patched after security researcher Daniel ‘Blaklis’ Le Gall reported it using a proof-of-concept. The vulnerability was found in an unstable Sentry service – a cross-platform application capable of […]