Security News

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
2023-12-06 09:18

Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below -...

F5 hurriedly squashes BIG-IP remote code execution bug
2023-10-27 17:34

F5 has issued a fix for a remote code execution bug in its BIG-IP suite carrying a near-maximum severity score. Researchers at Praetorian first discovered the authentication bypass flaw in BIG-IP's configuration utility and published their findings this week of what is the third major RCE bug to impact BIG-IP since 2020.

F5 fixes BIG-IP auth bypass allowing remote code execution attacks
2023-10-27 15:11

A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution."This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands," reads F5's security bulletin.

F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution
2023-10-27 04:23

F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component,...

VMware fixes critical code execution flaw in vCenter Server
2023-10-25 09:00

VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps administrators manage and monitor virtualized infrastructure.

ShellTorch flaws expose AI servers to code execution attacks
2023-10-03 16:37

The TorchServe flaws discovered by the Oligo Security research team can lead to unauthorized server access and remote code execution on vulnerable instances. Due to insecure deserialization in the SnakeYAML library, attackers can upload a model with a malicious YAML file to trigger remote code execution.

Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
2023-10-03 16:24

Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on...

Alert: Apache SuperSet Vulnerabilities Expose Servers to Remote Code Execution Attacks
2023-09-07 11:02

Patches have been released to address two new security vulnerabilities in Apache SuperSet that could be exploited by an attacker to gain remote code execution on affected systems. Outside of these weaknesses, the latest version of Superset also remediates a separate improper REST API permission issue that allows for low-privilege users to carry out server-side request forgery attacks.

ASUS routers vulnerable to critical remote code execution flaws
2023-09-05 14:58

Three critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not installed.The flaws, which all have a CVSS v3.1 score of 9.8 out of 10.0, are format string vulnerabilities that can be exploited remotely and without authentication, potentially allowing remote code execution, service interruptions, and performing arbitrary operations on the device.

Using WinRAR? Be sure to patch against these code execution bugs…
2023-08-23 19:55

WinRAR could start a wrong file after a user double- clicked an item in a specially crafted archive. That's a bit like receiving an email containing a safe-looking attachment along with a risky-looking one, deciding to start by investigating only the safe-looking one, but unknowingly firing up the risky file instead. From what we can tell, and in another irony, this bug existed in WinRAR's code for unpacking ZIP files, not in the code for processing its very own RAR file format.