Security News

Cisco fixes critical code execution bugs in SMB VPN routers
2021-02-03 17:24

Cisco has addressed multiple pre-auth remote code execution vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices. The security bugs with a severity rating of 9.8/10 were found in the web-based management interface of Cisco small business routers.

SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover
2021-02-03 11:00

The most severe of these could allow trivial remote code execution with high privileges. The most critical bug does not require local access and allows complete control over SolarWinds Orion remotely without having any credentials at all.

Industrial Gear at Risk from Fuji Code-Execution Bugs
2021-01-29 18:01

Industrial control software from Fuji Electric is vulnerable to several high-severity arbitrary code-execution security bugs, according to a federal warning. The two make up a comprehensive human-machine interface system, used to remotely monitor and collect production data in real time, and control a variety of industrial and critical-infrastructure gear.

VLC Media Player 3.0.12 fixes multiple remote code execution flaws
2021-01-20 14:47

VideoLAN released VLC Media Player 3.0.12 for Windows, Mac, and Linux last week with numerous improvements, features, and security fixes. This release is a significant upgrade for Mac users as it provides native support for Apple Silicon and fixes audio distortion in macOS. In addition to bug fixes and improvements, this release also fixes numerous security vulnerabilities reported by Zhen Zhou of the NSFOCUS Security Team.

Tens of Vulnerabilities in Siemens PLM Products Allow Code Execution
2021-01-15 19:17

Siemens this week informed customers that some of its product development solutions are affected by a total of nearly two dozen vulnerabilities that can be exploited for arbitrary code execution using malicious files. Siemens and CISA have published one advisory for 18 vulnerabilities affecting Siemens JT2Go, a 3D viewing tool for JT data, and Teamcenter Visualization, which provides organizations visualization solutions for documents, 2D drawings and 3D models.

Office January security updates fix remote code execution bugs
2021-01-14 09:32

Microsoft addresses important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates released during this month's Patch Tuesday. In total, this month the company released 26 security updates and 5 cumulative updates for 7 different products, fixing 11 vulnerabilities that could allow attackers to escalate privileges or execute arbitrary code remotely on systems running vulnerable software.

SoftMaker Office Vulnerabilities Allow Code Execution via Malicious Documents
2021-01-06 15:12

Vulnerabilities discovered by Cisco Talos researchers in SoftMaker Office can be exploited for arbitrary code execution by creating malicious documents and tricking victims into opening them. A German software developer, SoftMaker Software GmbH offers individuals and enterprises a popular office software suite that includes word processing, spreadsheet, presentation, and database software components.

Google Warns of Critical Android Remote Code Execution Bug
2021-01-05 20:21

Google has fixed two critical bugs affecting its Android handsets. The more serious flaws exist in the Android System component and allow remote attackers to execute arbitrary code.

Zend Framework remote code execution vulnerability revealed
2021-01-04 11:05

An untrusted deserialization vulnerability disclosed this week in Zend Framework can be exploited by attackers to achieve remote code execution on vulnerable PHP sites. "Zend Framework 3.0.0 has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php," states MITRE's advisory for CVE-2021-3007.

Critical Bugs in Dell Wyse Thin Clients Allow Code Execution, Client Takeovers
2020-12-21 17:00

Dell has patched two critical security vulnerabilities in its Dell Wyse Thin Client Devices, which are small form-factor computers optimized for connecting to a remote desktop. The bugs allow arbitrary code execution and the ability to access files and credentials, researchers said.