Security News

Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!
2021-03-10 22:01

Application security company F5 Networks on Wednesday published an advisory warning of four critical vulnerabilities impacting multiple products that could result in a denial of service attack and even unauthenticated remote code execution on target networks. The four critical flaws affect BIG-IP versions 11.6 or 12.x and newer, with a critical pre-auth remote code execution also affecting BIG-IQ versions 6.x and 7.x. F5 said it's not aware of any public exploitation of these issues.

SAP Stomps Out Critical RCE Flaw in Manufacturing Software
2021-03-10 22:00

Enterprise software giant SAP pushed out fixes for a critical-severity vulnerability in its real-time data monitoring software for manufacturing operations. If exploited, the flaw could allow an attacker to access SAP databases, infect end users with malware and modify network configurations.

F5 urges customers to patch critical BIG-IP pre-auth RCE bug
2021-03-10 17:04

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution vulnerabilities affecting most BIG-IP and BIG-IQ software versions. F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands, with the company claiming that "48 of the Fortune 50 rely on F5.".

F5 urges customers to patch 4 critical BIG-IP pre-auth RCE bugs
2021-03-10 17:04

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution vulnerabilities affecting most BIG-IP and BIG-IQ software versions. F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands, with the company claiming that "48 of the Fortune 50 rely on F5.".

VMware releases fix for severe View Planner RCE vulnerability
2021-03-04 17:09

VMware has addressed a high severity unauthenticated RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution. The vulnerability was discovered and reported to VMware by Positive Technologies web application security expert Mikhail Klyuchnikov.

Windows DNS SIGRed bug gets first public RCE PoC exploit
2021-03-04 14:44

A working proof-of-concept exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution vulnerability. SIGRed has existed in Microsoft's code for over 17 years, it impacts all Windows Server versions 2003 through 2019, and it has received a maximum severity rating of 10 out of 10.

Google shares PoC exploit for critical Windows 10 Graphics RCE bug
2021-02-27 14:12

Project Zero, Google's 0day bug-hunting team, shared technical details and proof-of-concept exploit code for a critical remote code execution bug affecting a Windows graphics component. The Project Zero researchers discovered the vulnerability, tracked as CVE-2021-24093, in a high-quality text rendering Windows API named Microsoft DirectWrite.

Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!
2021-02-25 10:53

The day after VMware released fixes for a critical RCE flaw found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems. We've detected mass scanning activity targeting vulnerable VMware vCenter servers.

VMWare Patches Critical RCE Flaw in vCenter Server
2021-02-24 17:14

VMware has patched three vulnerabilities in its virtual-machine infrastructure for data centers, the most serious of which is a remote code execution flaw in its vCenter Server management platform. The researcher found the most critical of the flaws, which is being tracked as CVE-2021-21972 and has a CVSS v3 score of 9.8, in a vCenter Server plugin for vROPs in the vSphere Client functionality, according to an advisory posted online Tuesday by VMware.

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
2021-02-24 09:35

VMware has addressed multiple critical remote code execution vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity.