Progress addressed a critical severity vulnerability impacting the Telerik Report Server. Tracked as CVE-2024-6327, the vulnerability has a CVSS score of 9.9. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, leading to complete system compromise. The vulnerability originates from an insecure deserialization flaw.
Tag: Remote Code Execution Vulnerability
Zyxel Patches Multiple Vulnerabilities in NAS Products
Zyxel has released patches to address five vulnerabilities in two NAS products that have reached end-of-vulnerability-support. Successful exploitation of the vulnerabilities may result in command injection and remote code execution. The vulnerabilities have been given medium and critical severity ratings. Timothy Hjort from Outpost24 has discovered and reported the vulnerabilities to Zyxel. The security researcher … Continue reading “Zyxel Patches Multiple Vulnerabilities in NAS Products”
VMware vCenter Server Multiple Critical Vulnerabilities (CVE-2024-37079, CVE-2024-37080, & CVE-2024-37081)
VMware vCenter Server is vulnerable to multiple vulnerabilities that may allow attackers to elevate privileges and perform remote code execution. Tracked as CVE-2024-37079, CVE-2024-37080, & CVE-2024-37081, the vulnerabilities are given critical and important severity ratings.
HPE Aruba Networking Patches Critical Vulnerabilities Impacting ArubaOS (CVE-2024-26304, CVE-2024-26305, CVE-2024-33511, & CVE-2024-33512)
Aruba Networking has released security updates to address ten critical and medium severity vulnerabilities in ArubaOS. Four vulnerabilities have been rated critical with a CVSSv3 score of 9.8: CVE-2024-26304, CVE-2024-26305, CVE-2024-33511, and CVE-2024-33512. Successful exploitation of these vulnerabilities may lead to remote code execution.
Rust Standard Library Remote Code Execution Vulnerability (BatBadBut) (CVE-2024-24576)
Rust standard library is vulnerable to a critical severity flaw that can be exploited on Windows targets. Tracked as CVE-2024-24576, the vulnerability has been given a CVSS score of 10. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on a targeted Windows system. The vulnerability is being called BatBadBut.
Fortinet FortiClientLinux Remote Code Execution Vulnerability (CVE-2023-45590)
Fortinet FortiClientLinux is vulnerable to a critical severity flaw being tracked as CVE-2023-45590. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the affected systems. To exploit this improper code injection flaw, an attacker must trick a FortiClientLinux user into visiting a malicious website.
Ivanti Patches Remote Code Execution Vulnerability in Standalone Sentry (CVE-2023-41724)
NATO Cyber Security Centre researchers have discovered a critical severity vulnerability impacting the Ivanti Standalone Sentry. Tracked as CVE-2023-41724 is given a CVSS score of 9.6. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary commands.
SolarWinds Access Rights Manager (ARM) Multiple Vulnerabilities Allows Remote Code Execution
Security researchers at Trend Micro Zero Day Initiative discovered multiple vulnerabilities impacting SolarWinds Access Rights Manager (ARM). Successful exploitation of the vulnerabilities may allow the attackers to perform remote code execution on target systems. CVE-2024-23476, CVE-2024-23479, and CVE-2023-40057 are given critical severity ratings and CVSS scores of 9.6, 9.6, and 9.0, respectively. CVE-2024-23477 and CVE-2024-23478 … Continue reading “SolarWinds Access Rights Manager (ARM) Multiple Vulnerabilities Allows Remote Code Execution”
Critical Vulnerability in Shim Impacts Major Linux Distributors (CVE-2023-40547)
Shim is a crucial software most Linux distributions use in the boot process to support Secure Boot. At the start of the month, Bill Demirkapi of the Microsoft Security Response Center (MSRC) discovered a critical severity vulnerability impacting the software. Tracked as CVE-2023-40547, the vulnerability could lead to remote code execution, crash, denial of service, and exposure of … Continue reading “Critical Vulnerability in Shim Impacts Major Linux Distributors (CVE-2023-40547)”
Jenkins Core Remote Code Execution Vulnerability (CVE-2024-23897)
Jenkins has addressed a critical severity vulnerability (CVE-2024-23897) affecting Jenkins Core. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution on target systems. The vulnerability is being exploited in the wild. Many threat researchers have released the PoC for the vulnerability.
