Security News

VMware fixes critical RCE bug in all default vCenter installs
2021-02-23 19:26

VMware has addressed a critical remote code execution vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to potentially take control of affected systems. "The vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin," VMware explains in the advisory.

SAP Commerce Critical Security Bug Allows RCE
2021-02-10 21:32

SAP is warning of a critical vulnerability in its SAP Commerce platform for e-commerce businesses. Drools is an engine that makes up the rules engine for SAP Commerce.

Microsoft Office February security updates patch Sharepoint, Excel RCE bugs
2021-02-10 14:28

Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates. Microsoft also released non-security Office updates last week addressing bugs that may lead to PowerPoint crashes and other issues affecting Windows Installer editions of Office 2016, Office 2013, and Office 2010 products.

Critical Cisco Flaws Open VPN Routers Up to RCE Attacks
2021-02-04 15:59

Cisco is rolling out fixes for critical holes in its lineup of small-business VPN routers. The flaws exist in the web-based management interface of Cisco's small-business lineup of VPN routers.

Google fixes severe Golang Windows RCE vulnerability
2021-01-26 11:09

This month Google engineers have fixed a severe remote code execution vulnerability in the Go language. The RCE vulnerability, CVE-2021-3115, mainly impacts Windows users of Go running the go get command, due to the default behavior of Windows PATH lookups.

Amazon Kindle RCE Attack Starts with an Email
2021-01-22 21:55

Three vulnerabilities in the Amazon Kindle e-reader would have allowed a remote attacker to execute code and run it as root - paving the way for siphoning money from unsuspecting users. Yogev Bar-On, researcher at Realmode Labs, found that it was possible to email malicious e-books to the devices via the "Send to Kindle" feature to start a chain of attack - a discovery that earned him $18,000 from the Amazon bug-bounty program.

Critical Cisco SD-WAN Bugs Allow RCE Attacks
2021-01-20 21:47

Cisco is warning of multiple, critical vulnerabilities in its software-defined networking for wide-area networks solutions for business users. Three critical flaws were found in Cisco smart software manager satellite, which offers businesses real-time visibility and reporting of their Cisco licenses.

January 2021 Patch Tuesday: Microsoft plugs Defender zero-day RCE
2021-01-12 21:24

Microsoft has plugged 83 CVEs, including a Microsoft Defender zero-day. One of the latter - a zero-day RCE affecting Microsoft Defender antivirus - is being exploited in the wild, but Microsoft didn't reveal more about these attacks.

RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework
2021-01-05 22:28

Versions of the popular developer tool Zend Framework and its successor Laminas Project can be abused by an attacker to execute remote code on PHP-based websites, if they are running web-based applications that are vulnerable to attack. Impacted is Zend Framework version 3.0.0 and Laminas Project laminas-http before 2.14.2, with an estimated "Several million websites" using the framework and possibly impacted.

Cisco re-patches wormable Jabber RCE flaw
2020-12-14 11:39

In September 2020, Cisco patched four Jabber vulnerabilities, but as it turns out, three of four have not been sufficiently mitigated. The incompleteness of the patches was discovered by Watchcom researchers - who discovered and disclosed the batch of vulnerabilities made public in September - after one of their clients requested they verify the effectiveness of Cisco's patches.