Tag: RCE

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical RCE vulnerability in ZCS

Cybersecurity Threat Advisory: Critical RCE vulnerability in ZCS

There is a critical remote code execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS) version 9.0, tracked as CVE-2024-45519. The vulnerability allows unauthenticated attackers to remotely execute arbitrary commands by exploiting weaknesses in Zimbra’s SMTP PostJournal service. Review the details...

/ October 2, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: SolarWinds ARM vulnerabilities

Cybersecurity Threat Advisory: SolarWinds ARM vulnerabilities

SolarWinds has issued patches to address two vulnerabilities in its Access Rights Manager (ARM) software. Out of the two, one is a critical vulnerability that can lead to remote code execution (RCE). Review the details within this Cybersecurity Threat Advisory...

/ September 18, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Active exploitation of Ivanti CSA vulnerability

Cybersecurity Threat Advisory: Active exploitation of Ivanti CSA vulnerability

A new vulnerability known as CVE-2024-8190 is affecting Ivanti Cloud Services Appliance (CSA) and is being actively exploited. This OS command injection vulnerability allows a remote, authenticated attacker to execute arbitrary commands on the system. Review the details in this...

/ September 18, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Veeam Backup security flaws

Cybersecurity Threat Advisory: Veeam Backup security flaws

There were recently six vulnerabilities discovered in Veeam Backup and Replication. One of them is an unauthenticated remote code execution (RCE), while the other five include authenticated RCE, arbitrary file deletion, low-privileged multi-factor authentication (MFA) setting modification and MFA bypass,...

/ September 10, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Exploited Jenkins vulnerability

Cybersecurity Threat Advisory: Exploited Jenkins vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability found in Jenkins, identified as CVE-2024-23897 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalogue. This vulnerability is a path traversal flaw within the...

/ August 21, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical zero-click vulnerability in Microsoft Outlook

Cybersecurity Threat Advisory: Critical zero-click vulnerability in Microsoft Outlook

A critical zero-click remote code execution (RCE) vulnerability, identified as CVE-2024-30103, was recently discovered in Microsoft Outlook. This flaw allows malicious actors to execute arbitrary code on a victim’s system simply by opening a specially crafted email. Review the details...

/ August 15, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical zero-day vulnerability in Apache OFBiz

Cybersecurity Threat Advisory: Critical zero-day vulnerability in Apache OFBiz

CVE-2024-38856 is a new Apache OFBiz ERP system critical zero-day vulnerability. If you are using this system, please continue reading this Cybersecurity Threat Advisory to learn which steps you should take to mitigate your risk. What is the threat? Researchers...

/ August 7, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: RCE vulnerability in Ghostscript

Cybersecurity Threat Advisory: RCE vulnerability in Ghostscript

A Ghostscript remote code execution (RCE) vulnerability, tracked as CVE-2024-29510 (with a CVSS rating of 5.5), is currently being exploited. This exploit can allow attackers to bypass the -dSAFER sandbox and execute code remotely. Review this Cybersecurity Threat Advisory to...

/ July 9, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Atlassian Confluence RCE vulnerability

Cybersecurity Threat Advisory: Atlassian Confluence RCE vulnerability

A new high-severity remote code execution (RCE) vulnerability known as CVE-2024-21683 has been discovered in Atlassian’s Confluence Data Center and Server. This vulnerability permits an attacker with an account on the service to gain server control. Review this Cybersecurity Threat...

/ June 18, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Fluent Bit critical vulnerability

Cybersecurity Threat Advisory: Fluent Bit critical vulnerability

This Cybersecurity Threat Advisory highlights a critical vulnerability discovered within a popular logging and metric solution called Fluent Bit. CVE-2024-4323, a new memory corruption vulnerability, has the potential to cause denial of service (DOS), information leakage, and code execution (RCE)....

/ May 22, 2024