JetBrains TeamCity, a popular integration and deployment tool, is vulnerable to an authentication bypass flaw. CVE-2023-42793 affects on-premise instances of the TeamCity CI/CD servers. Successful exploitation of the vulnerability may lead to remote code execution. The vulnerability has been given a critical severity rating with a CVSS score of 9.8.
Tag: Remote Code Execution
Apple macOS Finder Remote Code Execution Zero-Day Vulnerability
A zero-day security flaw in Apple’s macOS Finder system has been detected. This vulnerability allows remote attackers to fool users into running arbitrary commands. Zero-day vulnerabilities are defects that have been publicly published but have not yet been patched by the vendor. These vulnerabilities are sometimes actively exploited by attackers or have publicly available proof-of-concept exploits. … Continue reading “Apple macOS Finder Remote Code Execution Zero-Day Vulnerability”
VMware vCenter Affected By Critical Vulnerabilities
Multiple vulnerabilities in VMware vCenter Server were privately reported to VMware. These vulnerabilities have CVSS scores ranging from 4.3 to 9.8. Out of these vulnerabilities, the most critical was CVE-2021-22005 – an arbitrary file upload vulnerability in the Analytics service, which impacts vCenter Server 6.7 and 7.0 deployments. Exploiting this vulnerability, a remote attacker could … Continue reading “VMware vCenter Affected By Critical Vulnerabilities”
Azure Open Management Infrastructure Remote Code Execution (RCE) Vulnerability (OMIGOD, CVE-2021-38647)
As part of its monthly Patch Tuesday security updates, Microsoft has patched a collection of four vulnerabilities in OMI (Open Management Infrastructure), a mostly unknown application that the company has been silently installing on most Linux-based Azure virtual machines and related systems. OMI (Open Management Infrastructure) OMI, the app is the Linux equivalent of Microsoft’s … Continue reading “Azure Open Management Infrastructure Remote Code Execution (RCE) Vulnerability (OMIGOD, CVE-2021-38647)”
Pulse Connect Secure Remote Code Execution Patch Bypass Vulnerability (CVE-2021-22937)
In the first week of August, Pulse Secure published an advisory and patches for vulnerability, CVE-2021-22937. This is a post-authentication, distant codification execution (i.e.,Remote Code Execution) vulnerability that exists on Pulse Connect Secure virtual backstage web (i.e.,VPN) appliances. This vulnerability, classified as CWE-434 and a CVSSv3 of 9.1, is an uncontrolled archive extraction vulnerability that … Continue reading “Pulse Connect Secure Remote Code Execution Patch Bypass Vulnerability (CVE-2021-22937)”
Windows DNS Server Out-of-Bounds Write to Remote Code Execution Vulnerability (CVE-2021-26897)
According to Microsoft Security Bulletin published on March 09, 2021, seven vulnerabilities concerning Microsoft’s DNS server were corrected. These vulnerabilities, identified as CVE-2021-26877, CVE-2021-26897, CVE-2021-26893, CVE-2021-26894 and CVE-2021-26895, are considered critical. Among these, two allow a denial of service, while the five others allow an execution of remote arbitrary code. By default, DNS servers are … Continue reading “Windows DNS Server Out-of-Bounds Write to Remote Code Execution Vulnerability (CVE-2021-26897)”
Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166)
As a part of their usual process of Patch Tuesday, Microsoft has released patches to mitigate security flaws in products such as Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. A new Windows network Remote Code Execution (RCE) zero-day exploit – CVE-2021-31166, has been in the news since Patch Tuesday. … Continue reading “Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166)”
Google Chrome and Microsoft Edge Zero-day Remote Code Execution Vulnerability
The second and effective zero day on Chromium-based browsers such as Google Chrome and Microsoft Edge was posted consecutively, just after yesterday’s zero-day RCE. This time, Frust, a security researcher, tweeted about a zero-day remote code execution vulnerability creating havoc in the browser-based vulnerability trend. He has released a working proof-of-concept exploit. Unless a threat … Continue reading “Google Chrome and Microsoft Edge Zero-day Remote Code Execution Vulnerability”
Google Chrome Zero-day Remote Code Execution Vulnerability
Rajvardhan Agarwal, a security researcher, recently tweeted about a zero-day remote code execution vulnerability creating havoc in the browser-based vulnerability trend. Hereleased a working proof-of-concept exploit for the RCE for the V8 JavaScript engine in Chromium-based browsers. This zero-day concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web … Continue reading “Google Chrome Zero-day Remote Code Execution Vulnerability”
Microsoft Exchange Server Remote Code Execution Vulnerabilities (4 zero days – CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
Microsoft has released patches for the four zero-days exploited in the attacks (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065), discovered during the subsequent investigation. These bugs were observed by Microsoft Threat Intelligence Center (MSTIC) since January 2021. The OS giant, said that Hafnium operators used the four Exchange zero-days as part of a multi-part attack chain to … Continue reading “Microsoft Exchange Server Remote Code Execution Vulnerabilities (4 zero days – CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)”