Apache released a security advisory to address a critical vulnerability in the Tomcat server. Tracked as CVE-2024-56337, the vulnerability may allow an attacker to perform remote code execution on vulnerable servers.
Tag: Remote Code Execution Vulnerability
CISA Added Cleo Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-50623 & CVE-2024-55956)
Cybersecurity & Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities Catalog with two vulnerabilities in Cleo Harmony, VLTrader, and LexiCom. Tracked as CVE-2024-50623 & CVE-2024-55956, successful exploitation of the vulnerability may lead to remote code execution. CISA urged users to patch the vulnerabilities before January 3, 2025 (CVE-2024-50623) and January 7, 2025 (CVE-2024-55956). Cleo … Continue reading “CISA Added Cleo Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-50623 & CVE-2024-55956)”
Apache Struts2 Remote Code Execution Vulnerability (CVE-2024-53677)
Apache released a security advisory to address a critical severity vulnerability in Struts2. Tracked as CVE-2024-53677, successful exploitation of the vulnerability may allow a remote attacker to execute arbitrary code, leading to critical data loss and possible system compromise.
Progress WhatsUp Gold Remote Code Execution Vulnerability (CVE-2024-8785)
Progress WhatsUp Gold is vulnerable to a critical severity flaw that may allow an attacker to execute remote code on the affected system. Tracked as CVE-2024-8785, the vulnerability has a CVSS score of 9.8. The PoC exploit code for the vulnerability has been made public by the security researchers who discovered the vulnerability.
CISA Warns Organizations to Patch Array Networks Remote Code Execution Vulnerability (CVE-2023-28461)
CISA added the Array Networks vulnerability, tracked as CVE-2024-28461, to the Known Exploited Vulnerabilities Catalog, acknowledging its active exploitation. CISA urged users to patch the vulnerability before December 16, 2024. Successful exploitation of the vulnerability may allow an unauthenticated attacker to execute arbitrary code on the target system. The ArrayOS is a purpose-built and customized operating … Continue reading “CISA Warns Organizations to Patch Array Networks Remote Code Execution Vulnerability (CVE-2023-28461)”
CUPS Printing Systems Remote Code Execution Vulnerability (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, & CVE-2024-47177)
CUPS, an open-source printing system, is vulnerable to multiple unauthenticated remote code execution vulnerabilities tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177. The vulnerabilities affect all GNU/Linux systems. Successful exploitation of the vulnerabilities may allow a remote attacker to execute arbitrary code on a target system without valid credentials or prior access. Organizations like Canonical and … Continue reading “CUPS Printing Systems Remote Code Execution Vulnerability (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, & CVE-2024-47177)”
Veeam Patches Multiple Vulnerabilities Impacting Backup and Replication
Veeam released a security advisory to address six vulnerabilities of varying severities. Successful exploitation of the vulnerabilities may allow remote attackers to execute arbitrary code, leading to possible system compromise. One of the six vulnerabilities tracked as CVE-2024-40711 has a critical severity rating with a CVSS score of 9.8. The vulnerability may allow an attacker … Continue reading “Veeam Patches Multiple Vulnerabilities Impacting Backup and Replication”
South Korean Attackers Group Exploits WPS Office Vulnerability (CVE-2024-7262)
APT-C-60, a South Korea-aligned cyber espionage group, has been exploiting a zero-day vulnerability in the Windows version of WPS Office. Attackers exploited the vulnerability to install the SpyGlace backdoor on East Asian targets. Tracked as CVE-2024-7262, the vulnerability allows an attacker to perform remote code execution. ESET (Electronic Systems Engineering Technology) researchers have discovered and … Continue reading “South Korean Attackers Group Exploits WPS Office Vulnerability (CVE-2024-7262)”
Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-38856)
Apache OFBiz is vulnerable to a pre-authentication flaw that can lead to remote code execution. Tracked as CVE-2024-38856, the vulnerability has a critical severity rating with a CVSS score of 9.8. SonicWall has discovered and reported the vulnerability to Apache. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code remotely, leading … Continue reading “Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-38856)”
Acronis Cyber Infrastructure Critical Vulnerability Exploited in the Wild (CVE-2023-45249)
An authentication bypass vulnerability in the Acronis Cyber Infrastructure is being exploited in the wild. Tracked as CVE-2023-45249, this vulnerability has a critical severity rating and a CVSS score of 9.8. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on vulnerable systems. An attacker may exploit the vulnerability … Continue reading “Acronis Cyber Infrastructure Critical Vulnerability Exploited in the Wild (CVE-2023-45249)”
