RCE Archives - Page 6 of 25 - Security Affairs

Pierluigi Paganini March 22, 2022

Three critical RCE flaws affect hundreds of HP printer models

Three critical RCE flaws affect hundreds of HP LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models. HP issued a security bulletin warning of a buffer overflow vulnerability, tracked as CVE-2022-3942 (CVSS score 8.4), that could lead to remote code execution on vulnerable devices. “Certain HP Print products and Digital Sending products may […]

Pierluigi Paganini March 15, 2022

Critical flaws affect Veeam Data Backup software

Veeam addressed two critical vulnerabilities impacting the Backup & Replication product for virtual environments. Veeam has released security patches to fix two critical vulnerabilities, tracked as CVE-2022-26500 and CVE-2022-26501 (CVSS score of 9.8), impacting the Backup & Replication solution for virtual environments. The solution implements data backup and restore capabilities for virtual machines running on […]

Pierluigi Paganini February 26, 2022

UK’s NHS Digital warns of an RCE in Okta Advanced Server Access client

The UK’s NHS Digital agency warns of an RCE in the Windows client for the Okta Advanced Server Access authentication management platform. The UK’s NHS Digital agency published a security advisory to warn organizations of a remote code execution flaw, tracked as CVE-2022-24295, impacting the Windows client for the Okta Advanced Server Access authentication management […]

Pierluigi Paganini February 16, 2022

Experts disclose details of Apache Cassandra DB RCE

Researchers disclose a now-patched remote code execution (RCE) vulnerability in the Apache Cassandra database software. JFrog researchers publicly disclosed details of a now-patched high-severity security vulnerability (CVE-2021-44521) in Apache Cassandra database software that could be exploited by remote attackers to achieve code execution on affected installations. Apache Cassandra is an open-source NoSQL distributed database used […]

Pierluigi Paganini January 28, 2022

Zerodium offers $400,000 for Microsoft Outlook RCE zero-day exploits

Zero-day exploit broker Zerodium announced it will pay $400,000 for zero-day RCE in Microsoft Outlook email client. The zero-day exploit broker Zerodium has announced it will pay $400,000 for zero-day remote code execution (RCE) vulnerabilities in the Microsoft Outlook email client. The company pointed out that the increased payout for this specific vulnerability exploit is […]

Pierluigi Paganini January 25, 2022

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

Threat actors are actively exploiting a critical flaw (CVE-2021-20038) in SonicWall’s Secure Mobile Access (SMA) gateways addressed in December. Threat actors are actively exploiting a critical flaw, tracked as CVE-2021-20038, in SonicWall’s Secure Mobile Access (SMA) gateways addressed by the vendor in December. The vulnerability is an unauthenticated stack-based buffer overflow that was reported by […]

Pierluigi Paganini January 20, 2022

Cisco StarOS flaws could allow remote code execution and information disclosure

Cisco addressed a critical RCE flaw in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. Cisco has addressed a critical remote code execution vulnerability, tracked as CVE-2022-20649, discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. The flaw, discovered by the company experts during internal security testing, can be exploited by […]

Pierluigi Paganini January 12, 2022

Adobe fixes 4 critical Reader bugs that were demonstrated at Tianfu Cup

Adobe released security updates to address multiple vulnerabilities affecting several products, including Acrobat and Reader. Adobe patches for January address 41 vulnerabilities in Windows and macOS versions of Acrobat and Reader products, Illustrator, Adobe Bridge, InCopy, and InDesign. 22 of these vulnerabilities were reported through the ZDI program. The software giant fixed a total of […]

Pierluigi Paganini January 11, 2022

Microsoft Patch Tuesday fixes critical Office RCE

Microsoft Patch Tuesday security updates fix a critical Office flaw that can allow remote attackers to execute malicious code on vulnerable systems. Microsoft Patch Tuesday security updates for January 2022 patch 96 vulnerabilities in Microsoft Windows and Windows Components, Microsoft Edge (Chromium-based), Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, […]

Pierluigi Paganini December 04, 2021

CISA warns of vulnerabilities in Hitachi Energy products

CISA has released six advisories to warn organizations about security vulnerabilities affecting Hitachi Energy products The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published six advisories to inform organizations about the availability of security patches and notifications for vulnerabilities impacting Hitachi Energy products. CISA’s advisories are related to RTU500 series bidirectional communication interface, Relion protection and control […]

RCE

Three critical RCE flaws affect hundreds of HP printer models

Critical flaws affect Veeam Data Backup software

UK’s NHS Digital warns of an RCE in Okta Advanced Server Access client

Experts disclose details of Apache Cassandra DB RCE

Zerodium offers $400,000 for Microsoft Outlook RCE zero-day exploits

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

Cisco StarOS flaws could allow remote code execution and information disclosure

Adobe fixes 4 critical Reader bugs that were demonstrated at Tianfu Cup

Microsoft Patch Tuesday fixes critical Office RCE

CISA warns of vulnerabilities in Hitachi Energy products

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

UK NCA arrested four people over M&S, Co-op cyberattacks

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

Qantas data breach impacted 5.7 million individuals

DoNot APT is expanding scope targeting European foreign ministries

Nippon Steel Solutions suffered a data breach following a zero-day attack

QUICK LINKS

RCE

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!