Security News

Google Chrome V8 Bug Allows Remote Code-Execution
2021-04-28 17:48

Google's Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution within a user's browser. Liu told SecurityWeek that the bug is somewhat mitigated by the fact that it doesn't allow attackers to escape the sandbox where Chrome runs, meaning attackers can't reach any of the other program, data and applications on the computer.

Adobe Patches Critical Code Execution Vulnerabilities in Photoshop, Bridge
2021-04-13 17:51

Adobe on Tuesday announced patches for vulnerabilities in four of its products, including critical code execution flaws affecting Photoshop and Bridge. In Photoshop, the company fixed two critical buffer overflow bugs that can be exploited for arbitrary code execution in the context of the targeted user.

Zerodium triples WordPress remote code execution exploit payout
2021-04-09 14:42

Zerodium has announced today an increased interest in exploits for the WordPress content management system that achieve remote code execution. The exploit acquisition platform is now enticing exploit developers and sellers with a $300,000 payout, three times more than the regular price.

Cisco fixes bug allowing remote code execution with root privileges
2021-04-07 19:38

Cisco has released security updates to address a critical pre-authentication remote code execution vulnerability affecting SD-WAN vManage Software's remote management component. The company fixed two other high-severity security vulnerabilities in the user management and system file transfer functions of the same product allowing attackers to escalate privileges.

Google Patches Critical Code Execution Vulnerability in Android
2021-04-07 11:33

The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component. Tracked as CVE-2021-0430 and affecting Android 10 and 11, the code execution vulnerability is deemed critical severity.

SolarWinds patches critical code execution bug in Orion Platform
2021-03-26 13:19

SolarWinds has released security updates to address four vulnerabilities impacting the company's Orion IT monitoring platform, two of them allowing attackers to execute arbitrary code remotely. The highest severity security flaw patched by SolarWinds on Thursday is a critical JSON deserialization bug that remote attackers can exploit to execute arbitrary code through Orion Platform Action Manager's test alert actions.

Critical Flaw in Jabber for Windows Could Lead to Code Execution
2021-03-26 09:05

Cisco this week announced the release of software updates that address several vulnerabilities in Jabber for desktop and mobile platforms, the most severe of which could be abused to execute arbitrary code with elevated privileges. The bugs impact Cisco Jabber for Windows, macOS, and mobile platforms, and are not dependable to one another.

New Code Execution Flaws In Solarwinds Orion Platform
2021-03-25 19:14

Solarwinds has shipped a major security update to fix at least four documented security vulnerabilities, including a pair of bugs that be exploited for remote code execution attacks. The patches were pushed out Thursday as part of a minor security makeover of the Orion Platform, the same compromised Solarwinds product that was exploited in recent nation-state software supply chain attacks.

Remote Code Execution Vulnerability Patched in Apache OFBiz
2021-03-23 04:52

One of the vulnerabilities addressed by the latest update for Apache OFBiz is an unsafe Java deserialization issue that could be exploited to execute code remotely, without authentication. A Java-based web framework, Apache OFBiz is an open source enterprise resource planning system that includes a suite of applications to automate business processes within enterprise environments, and which can be used across any industry.

Critical code execution vulnerability fixed in Adobe ColdFusion
2021-03-22 16:05

Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018. Today's emergency updates patch an arbitrary code execution security flaw caused by an Improper Input Validation software vulnerability.