Security News
A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files. [...]
The malicious code inserted into the open-source library XZ Utils, a widely used package present in major Linux distributions, is also capable of facilitating remote code execution, a new analysis...
Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below -...
F5 has issued a fix for a remote code execution bug in its BIG-IP suite carrying a near-maximum severity score. Researchers at Praetorian first discovered the authentication bypass flaw in BIG-IP's configuration utility and published their findings this week on what is the third major RCE bug to impact BIG-IP since 2020.
A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands," reads F5's security bulletin.
F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component,...
VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps administrators manage and monitor virtualized infrastructure.
The TorchServe flaws discovered by the Oligo Security research team can lead to unauthorized server access and remote code execution on vulnerable instances. Due to insecure deserialization in the SnakeYAML library, attackers can upload a model with a malicious YAML file to trigger remote code execution.
Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on...
Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. Outside of these weaknesses, the latest version of Superset also remediates a separate improper REST API permission issue that allows low-privilege users to carry out server-side request forgery attacks.