Security News

VMware fixes critical Cloud Foundation remote code execution bug
2022-10-25 16:49

VMware has released security updates today to fix a critical vulnerability in VMware Cloud Foundation, a hybrid cloud platform for running enterprise apps in private or public environments. The flaw is in the XStream open-source library used by Cloud Foundation and has an almost maximum CVSSv3 base score of 9.8/10 assigned by VMware.

Unpatched 15-year old Python bug allows code execution in 350k projects
2022-09-21 16:45

A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution. The vulnerability is in the Python tarfile package, in code that uses un-sanitized tarfile.

Cisco fixes critical remote code execution bug in VPN routers
2022-08-03 17:26

Cisco has fixed critical security vulnerabilities affecting Small Business VPN routers and enabling unauthenticated, remote attackers to execute arbitrary code or commands and trigger denial of service conditions on vulnerable devices.Successful exploitation of CVE-2022-20842 with crafted HTTP input could allow attackers "To execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition," the company explains.

Windows Network File System flaw results in arbitrary code execution as SYSTEM
2022-07-15 14:15

Trend Micro Research has published an anatomy of a Windows remote code execution vulnerability lurking in the Network File System. The vulnerability in question, CVE-2022-30136, was patched by Microsoft in June but the research makes for interesting reading both in terms of the vulnerability itself and the potential for exploitation.

F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems
2022-05-05 12:48

Application service provider F5 is warning a critical vulnerability allows unauthenticated hackers with network access to execute arbitrary commands on its BIG-IP systems. Threat actors can send undisclosed requests and leverage the flaw to bypass the iControl REST authentication and access the F5 BIG-IP systems, an attacker can execute arbitrary commands, create or delete files or disable servers.

F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability
2022-05-04 19:38

Cloud security and application delivery network provider F5 on Wednesday released patches to contain 43 bugs spanning its products. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services," F5 said in an advisory.

Trend Micro fixes actively exploited remote code execution bug
2022-04-01 16:58

Japanese cybersecurity software firm Trend Micro has patched a high severity security flaw in the Apex Central product management console that can let attackers execute arbitrary code remotely. Apex Central is a web-based management console that helps system admins manage Trend Micro products and services throughout the network.

“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!
2022-03-30 20:38

VMWare Spring is a open-source Java toolkit for building powerful Java apps, including cloud-based apps, without needing to write, manage, worry about, or even understand the "Server" part of the process yourself. You don't need to worry about, or even care, what sort of server your code is running on: it could be a server of your own, set up and managed by your colleagues in IT; or a cloud instance hosted and executing on a popular cloud service provider.

New Spring Java framework zero-day allows remote code execution
2022-03-30 20:16

A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications. Spring is a very popular application framework that allows software developers to quickly and easily develop Java applications with enterprise-level features.

Critical Sophos Firewall vulnerability allows remote code execution
2022-03-27 12:03

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution. Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User Portal and Webadmin areas of Sophos Firewall.