Security News

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution vulnerabilities affecting most BIG-IP and BIG-IQ software versions. F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands, with the company claiming that "48 of the Fortune 50 rely on F5.".

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution vulnerabilities affecting most BIG-IP and BIG-IQ software versions. F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands, with the company claiming that "48 of the Fortune 50 rely on F5.".

VMware has addressed a high severity unauthenticated RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution. The vulnerability was discovered and reported to VMware by Positive Technologies web application security expert Mikhail Klyuchnikov.

A working proof-of-concept exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution vulnerability. SIGRed has existed in Microsoft's code for over 17 years, it impacts all Windows Server versions 2003 through 2019, and it has received a maximum severity rating of 10 out of 10.

Project Zero, Google's 0day bug-hunting team, shared technical details and proof-of-concept exploit code for a critical remote code execution bug affecting a Windows graphics component. The Project Zero researchers discovered the vulnerability, tracked as CVE-2021-24093, in a high-quality text rendering Windows API named Microsoft DirectWrite.

The day after VMware released fixes for a critical RCE flaw found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems. We've detected mass scanning activity targeting vulnerable VMware vCenter servers.

VMware has patched three vulnerabilities in its virtual-machine infrastructure for data centers, the most serious of which is a remote code execution flaw in its vCenter Server management platform. The researcher found the most critical of the flaws, which is being tracked as CVE-2021-21972 and has a CVSS v3 score of 9.8, in a vCenter Server plugin for vROPs in the vSphere Client functionality, according to an advisory posted online Tuesday by VMware.

VMware has addressed multiple critical remote code execution vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity.

VMware has addressed a critical remote code execution vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to potentially take control of affected systems. "The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," VMware explains in the advisory.

SAP is warning of a critical vulnerability in its SAP Commerce platform for e-commerce businesses. Drools is an engine that makes up the rules engine for SAP Commerce.