RCE

Pierluigi Paganini June 16, 2024
ASUS fixed critical remote authentication bypass bug in several routers

Taiwanese manufacturer giant ASUS addressed a critical remote authentication bypass vulnerability impacting several router models. ASUS addresses a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8), impacting seven router models. The flaw is an authentication bypass issue that a remote attacker can exploit to log into the device without authentication. The flaw impacts […]

Pierluigi Paganini May 02, 2024
HPE Aruba Networking addressed four critical ArubaOS RCE flaws

HPE Aruba Networking addressed four critical remote code execution vulnerabilities impacting its ArubaOS network operating system. HPE Aruba Networking released April 2024 security updates that addressed four critical remote code execution (RCE) vulnerabilities affecting multiple versions of the network operating system ArubaOS. The four vulnerabilities are unauthenticated buffer overflow issues that could be exploited to […]

Pierluigi Paganini February 09, 2024
Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. Fortinet is warning that the recently discovered critical remote code execution vulnerability in FortiOS SSL VPN, tracked as CVE-2024-21762 (CVSS score 9.6), is actively exploited in attacks in the wild. The security firm did not provide […]

Pierluigi Paganini January 12, 2024
Juniper Networks fixed a critical RCE bug in its firewalls and switches

Juniper Networks fixed a critical pre-auth remote code execution (RCE) flaw, tracked as CVE-2024-21591, in its SRX Series firewalls and EX Series switches. Juniper Networks released security updates to address a critical pre-auth remote code execution (RCE) vulnerability, tracked as CVE-2024-21591, that resides in SRX Series firewalls and EX Series switches. The vulnerability resides in […]

Pierluigi Paganini December 10, 2023
WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw

WordPress 6.4.2 addressed a security vulnerability that could be chained with another flaw to achieve remote code execution. WordPress released a security update to address a flaw that can be chained with another issue to gain remote code execution. According to the advisory, the RCE flaw is not directly exploitable in the core, however, threat […]

Pierluigi Paganini October 23, 2023
SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

Researchers discovered three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product. Security researchers discovered three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product. SolarWinds Access Rights Manager (ARM) is a software solution developed by IT management and monitoring software provider SolarWinds, it was designed to help organizations […]

Pierluigi Paganini October 10, 2023
A flaw in libcue library impacts GNOME Linux systems

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts. libcue provides an […]

Pierluigi Paganini September 29, 2023
A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in all versions of Exim mail transfer agent (MTA) software. A critical zero-day vulnerability, tracked as CVE-2023-42115 (CVSS score 9.8), affects all versions of Exim mail transfer agent (MTA) software. A remote, unauthenticated attacker, can exploit the vulnerability to gain remote code execution (RCE) on Internet-exposed […]

Pierluigi Paganini September 14, 2023
Kubernetes flaws could lead to remote code execution on Windows endpoints

Researchers discovered three security flaws in Kubernetes that can lead to remote code execution on Windows endpoints. Akamai researchers recently discovered a high-severity vulnerability in Kubernetes tracked as CVE-2023-3676 (CVSS 8.8). This identification of this issue led to the discovery of two more vulnerabilities tracked as CVE-2023-3893, and CVE-2023-3955 (CVSS 8.8). All three vulnerabilities were caused by […]

Pierluigi Paganini June 28, 2023
Critical SQL Injection flaws in Gentoo Soko can lead to Remote Code Execution

SQL injection vulnerabilities in Gentoo Soko could lead to remote code execution (RCE) on impacted systems. SonarSource researchers discovered two SQL injection vulnerabilities in Gentoo Soko, collectively tracked as CVE-2023-28424 (CVSS score: 9.1) [1],[2], that can be exploited by a remote attacker to execute arbitrary code on vulnerable systems. “The two package search handlers, Search […]