JetBrains TeamCity Authentication Bypass Vulnerability (CVE-2023-42793)

JetBrains TeamCity, a popular integration and deployment tool, is vulnerable to an authentication bypass flaw. CVE-2023-42793 affects on-premise instances of the TeamCity CI/CD servers. Successful exploitation of the vulnerability may lead to remote code execution. The vulnerability has been given a critical severity rating with a CVSS score of 9.8.

Apache HTTP Server Path Normalization and Remote Code Execution (RCE) Vulnerability (CVE-2021-42013)

The Apache Software Foundation has published additional security updates for its HTTP Server to remediate an incomplete fix for a path traversal and Remote Code Execution (RCE) vulnerability patched in the first week of October 2021 (CVE-2021-41773). CVE-2021-42013 is based upon a path normalization bug, which allowed an unauthenticated remote user to view files on the Apache Web …

Apple macOS Finder Remote Code Execution Zero-Day Vulnerability

A zero-day security flaw in Apple’s macOS Finder system has been detected. This vulnerability allows remote attackers to trick users into running arbitrary commands. Zero-day vulnerabilities are defects that have been publicly disclosed but have not yet been patched by the vendor. These vulnerabilities are sometimes actively exploited by attackers or have publicly available proof-of-concept exploits. …

VMware vCenter Affected By Critical Vulnerabilities

Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware. These vulnerabilities have CVSS scores ranging from 4.3 to 9.8. Out of these vulnerabilities, the most critical was CVE-2021-22005, an arbitrary file upload vulnerability in the Analytics service, which impacts vCenter Server 6.7 and 7.0 deployments. Exploiting this vulnerability, a remote attacker could …

Azure Open Management Infrastructure Remote Code Execution (RCE) Vulnerability (OMIGOD, CVE-2021-38647)

As part of its monthly Patch Tuesday security updates, Microsoft has patched a collection of four vulnerabilities in OMI (Open Management Infrastructure), a mostly unknown application that the company has been silently installing on most Linux-based Azure virtual machines and related systems. OMI (Open Management Infrastructure): OMI, the app, is the Linux equivalent of Microsoft’s …

Microsoft Windows MSHTML Remote Code Execution Vulnerability (CVE-2021-40444)

Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise Windows/Office, Microsoft warned on Tuesday. Tricking victims into running malicious executables remains a popular method for getting a foothold into organizations. Numerous attempts to exploit MSHTML to compromise Microsoft Windows have …

Confluence Server OGNL injection Vulnerability (CVE-2021-26084)

On 31st August 2021, a critical remote code execution vulnerability was found in Confluence Server and Confluence Data Center. The vulnerability is tracked as CVE-2021-26084 and has a severity of 9.8. The OGNL (Object-Graph Navigation Language) injection vulnerability found allows an authenticated user, and in some instances unauthenticated users, to execute arbitrary code on a …

VMware vCenter Server Multiple Vulnerabilities (CVE-2021-21986, CVE-2021-21985)

On 25th May 2021, VMware released a security advisory to address two vulnerabilities (CVE-2021-21986, CVE-2021-21985) for vCenter Server. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on the vulnerable system. VMware has assigned critical severity for CVE-2021-21985 with a maximum CVSSv3 base score of 9.8. The severity of CVE-2021-21986 …

Pulse Connect Secure Remote Code Execution Vulnerability (CVE-2021-22893)

An authentication bypass vulnerability was discovered in Pulse Connect Secure (PCS) that allows an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway. News reports state that the new zero-day vulnerability in Pulse Secure VPN devices, CVE-2021-22893, was exploited to take over multiple US and European government …

Google Chrome and Microsoft Edge Zero-day Remote Code Execution Vulnerability

A second, working zero-day for Chromium-based browsers such as Google Chrome and Microsoft Edge was posted just after yesterday’s zero-day RCE. This time, Frust, a security researcher, tweeted about a zero-day remote code execution vulnerability, creating havoc in the browser-based vulnerability trend. He has released a working proof-of-concept exploit. Unless a threat …