Tag: RCE
Cybersecurity Threat Advisory: Cleo file transfer critical vulnerability
A critical vulnerability, identified as CVE-2024-50623, has been discovered in Cleo’s file transfer software suite. This vulnerability allows attackers to exploit an unrestricted file upload and download flaw, potentially leading to remote code execution (RCE) on vulnerable systems. Continue reading...
Cybersecurity Threat Advisory: New VPN client vulnerabilities to watch out for
Vulnerabilities were discovered in SonicWall NetExtender, CVE-2024-29014, and Palo Alto GlobalConnect, CVE-2024-5921, which can lead to remote code execution (RCE). Continue reading this Cybersecurity Threat Advisory to limit your exposure to these vulnerabilities. What is the threat? The vulnerabilities exhibit...
Cybersecurity Threat Advisory: WordPress plugin critical vulnerabilities
Two critical security flaws have been identified in a WordPress plugin—Anti-Spam by CleanTalk. This plugin is installed on more than 200,000 websites. Review this Cybersecurity Threat Advisory to learn how to mitigate your risks from these vulnerabilities. What is...
Cybersecurity Threat Advisory: Kemp LoadMaster and VMware vCenter vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical vulnerabilities in Progress Kemp LoadMaster (CVE-2024-1212) and VMware vCenter Server (CVE-2024-38812, CVE-2024-38813) to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities allow attackers to execute arbitrary commands, gain remote...
Cybersecurity Threat Advisory: New critical Citrix vulnerabilities
New critical vulnerabilities in Citrix Virtual Apps and Desktops, tracked as CVE-2024-8068 and CVE-2024-8069, as well as new flaws involving MSMQ (Microsoft Message Queuing) misconfiguration, were discovered. These vulnerabilities enable attackers to achieve unauthenticated remote code execution (RCE) on vulnerable...
Cybersecurity Threat Advisory: VMware critical vulnerability
VMware has recently released software updates to address a security flaw believed to have already been patched in vCenter Server. The vulnerability, known as CVE-2024-38812 with a CVSS score of 9.8, is a heap-overflow vulnerability. Continue reading this Cybersecurity Threat...
Cybersecurity Threat Advisory: Critical RCE vulnerability in ZCS
There is a critical remote code execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS) version 9.0, tracked as CVE-2024-45519. The vulnerability allows unauthenticated attackers to remotely execute arbitrary commands by exploiting weaknesses in Zimbra’s SMTP PostJournal service. Review the details...
Cybersecurity Threat Advisory: SolarWinds ARM vulnerabilities
SolarWinds has issued patches to address two vulnerabilities in its Access Rights Manager (ARM) software. Out of the two, one is a critical vulnerability that can lead to remote code execution (RCE). Review the details within this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: Active exploitation of Ivanti CSA vulnerability
A new vulnerability known as CVE-2024-8190 is affecting Ivanti Cloud Services Appliance (CSA) and is being actively exploited. This OS command injection vulnerability allows a remote, authenticated attacker to execute arbitrary commands on the system. Review the details in this...
Cybersecurity Threat Advisory: Veeam Backup security flaws
There were recently six vulnerabilities discovered in Veeam Backup and Replication. One of them is an unauthenticated remote code execution (RCE), while the other five include authenticated RCE, arbitrary file deletion, low-privileged multi-factor authentication (MFA) setting modification and MFA bypass,...
