Printing vulnerability affecting Linux distros raises alarm | Computer Weekly
The newly discovered vulnerabilities in Cups pose a significant security risk to numerous devices, potentially exposing them to remote code execution.
Critical Flaws in Traccar GPS System Expose Users to Remote Attacks
Traccar GPS system has critical vulnerabilities allowing remote code execution via path traversal if guest registration is enabled, posing serious security risks.
MediaTek says 'Happy New Year' with critical RCE, other bugs
MediaTek disclosed a critical vulnerability affecting 51 chipsets, posing severe security risks to multiple device categories.
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
Sophos has patched critical vulnerabilities in its Firewall products to prevent remote code execution and privileged access.
Printing vulnerability affecting Linux distros raises alarm | Computer Weekly
The newly discovered vulnerabilities in Cups pose a significant security risk to numerous devices, potentially exposing them to remote code execution.
Critical Flaws in Traccar GPS System Expose Users to Remote Attacks
Traccar GPS system has critical vulnerabilities allowing remote code execution via path traversal if guest registration is enabled, posing serious security risks.
MediaTek says 'Happy New Year' with critical RCE, other bugs
MediaTek disclosed a critical vulnerability affecting 51 chipsets, posing severe security risks to multiple device categories.
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
Sophos has patched critical vulnerabilities in its Firewall products to prevent remote code execution and privileged access.
Critical security flaw in Apache Struts 2 allows file upload manipulation, posing severe risks of remote code execution; immediate updates are essential.
Doomsday 9.9 unauthenticated RCE bug affects all Linux
A critical 9.9-rated unauthenticated RCE flaw is affecting GNU/Linux systems, with no fix yet despite disclosure to developers three weeks ago.
Thousands of PAN-OS devices compromised by critical exploits
Palo Alto Networks firewalls were compromised due to two security bugs, allowing attackers to deploy backdoors and malware.
Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization
Apache MINA's CVE-2024-52046 vulnerability could lead to remote code execution, necessitating urgent updates and careful configuration to mitigate risks.
D-Link says replace vulnerable routers or risk pwnage
Users of older D-Link VPN routers should replace their devices to avoid critical security vulnerabilities.
The vulnerability allows for remote code execution without authentication, raising significant security concerns.
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
Apache Tomcat's recent security patch fixes a critical vulnerability that could allow remote code execution, particularly in case-insensitive file systems.
Critical Apache Struts bug under active exploit
Critical security flaw in Apache Struts 2 allows file upload manipulation, posing severe risks of remote code execution; immediate updates are essential.
Doomsday 9.9 unauthenticated RCE bug affects all Linux
A critical 9.9-rated unauthenticated RCE flaw is affecting GNU/Linux systems, with no fix yet despite disclosure to developers three weeks ago.
Thousands of PAN-OS devices compromised by critical exploits
Palo Alto Networks firewalls were compromised due to two security bugs, allowing attackers to deploy backdoors and malware.
Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization
Apache MINA's CVE-2024-52046 vulnerability could lead to remote code execution, necessitating urgent updates and careful configuration to mitigate risks.
D-Link says replace vulnerable routers or risk pwnage
Users of older D-Link VPN routers should replace their devices to avoid critical security vulnerabilities.
The vulnerability allows for remote code execution without authentication, raising significant security concerns.
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
Apache Tomcat's recent security patch fixes a critical vulnerability that could allow remote code execution, particularly in case-insensitive file systems.
NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise
Flaws in Palo Alto Networks and SonicWall VPNs could allow remote code execution on Windows and macOS, exposing users to significant security risks.
700K+ DrayTek routers are sitting ducks on the internet
A critical vulnerability in DrayTek routers could allow remote-code execution, risking sensitive data and system integrity.
Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
Thousands of Prometheus servers lack proper authentication, risking data leakage, DoS, and remote code execution attacks due to their exposure on the internet.
Zero Day Initiative - CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections
CVE-2024-38213 allows bypassing Windows mark-of-the-web protections leading to remote code execution via WebDAV shares.
Microsoft offers updates on 117 vulnerabilities on Patch Tuesday
Microsoft released updates addressing 117 vulnerabilities, including two actively exploited threats that pose significant risks to users.
0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices
A critical vulnerability known as '0.0.0.0 Day' impacts major web browsers, allowing malicious sites to breach local networks.
NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise
Flaws in Palo Alto Networks and SonicWall VPNs could allow remote code execution on Windows and macOS, exposing users to significant security risks.
700K+ DrayTek routers are sitting ducks on the internet
A critical vulnerability in DrayTek routers could allow remote-code execution, risking sensitive data and system integrity.
Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
Thousands of Prometheus servers lack proper authentication, risking data leakage, DoS, and remote code execution attacks due to their exposure on the internet.
Zero Day Initiative - CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections
CVE-2024-38213 allows bypassing Windows mark-of-the-web protections leading to remote code execution via WebDAV shares.
Microsoft offers updates on 117 vulnerabilities on Patch Tuesday
Microsoft released updates addressing 117 vulnerabilities, including two actively exploited threats that pose significant risks to users.
0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices
A critical vulnerability known as '0.0.0.0 Day' impacts major web browsers, allowing malicious sites to breach local networks.
Zero Day Initiative - CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
Ivanti Avalanche, an enterprise mobility management program, has recently been patched for a remote code execution vulnerability.
Successful exploitation of the vulnerability could allow an authenticated attacker to execute code in the context of SYSTEM.
Apache issues patches for critical Struts 2 RCE bug
The Apache Struts 2 vulnerability (CVE-2024-53677) has a severity rating of 9.5 and poses a serious security risk, necessitating immediate action for users.
Zero Day Initiative - CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
Ivanti Avalanche, an enterprise mobility management program, has recently been patched for a remote code execution vulnerability.
Successful exploitation of the vulnerability could allow an authenticated attacker to execute code in the context of SYSTEM.
Apache issues patches for critical Struts 2 RCE bug
The Apache Struts 2 vulnerability (CVE-2024-53677) has a severity rating of 9.5 and poses a serious security risk, necessitating immediate action for users.
Zero Day Initiative - Exploiting Exchange PowerShell After ProxyNotShell: Part 3 - DLL Loading Chain for RCE
The article explains a chain of vulnerabilities in Microsoft Exchange that lead to remote code execution.
September Patch Tuesday: Update before 1 October | Computer Weekly
Microsoft has issued critical fixes for multiple remote code vulnerabilities in its September 2024 update, indicating urgency for users to patch their systems.
PoCcode released for zero-click Windows critical vuln
Windows users must install the latest patches swiftly to protect against CVE-2024-38063, a critical vulnerability that allows remote code execution.
Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share
As many as 10 security flaws were discovered in Google's Quick Share utility, leading to a potential remote code execution threat on systems with the software.
Google patches Quick Share for Windows to shut malware hole
Google's Quick Share for Windows had 10 now-fixed bugs, allowing remote code execution through a full RCE chain.
Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share
As many as 10 security flaws were discovered in Google's Quick Share utility, leading to a potential remote code execution threat on systems with the software.
Google patches Quick Share for Windows to shut malware hole
Google's Quick Share for Windows had 10 now-fixed bugs, allowing remote code execution through a full RCE chain.