Tag: RCE

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Kemp LoadMaster and VMware vCenter vulnerabilities

Cybersecurity Threat Advisory: Kemp LoadMaster and VMware vCenter vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical vulnerabilities in Progress Kemp LoadMaster (CVE-2024-1212) and VMware vCenter Server (CVE-2024-38812, CVE-2024-38813) to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities allow attackers to execute arbitrary commands, gain remote...

/ November 22, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: New critical Citrix vulnerabilities

Cybersecurity Threat Advisory: New critical Citrix vulnerabilities

New critical vulnerabilities in Citrix Virtual Apps and Desktops, tracked as CVE-2024-8068 and CVE-2024-8069, as well as new flaws involving MSMQ (Microsoft Message Queuing) misconfiguration, were discovered. These vulnerabilities enable attackers to achieve unauthenticated remote code execution (RCE) on vulnerable...

/ November 18, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: VMware critical vulnerability

Cybersecurity Threat Advisory: VMware critical vulnerability

VMware has recently released software updates to address a security flaw believed to have already been patched in vCenter Server. The vulnerability, known as CVE-2024-38812 with a CVSS score of 9.8, is a heap-overflow vulnerability. Continue reading this Cybersecurity Threat...

/ October 26, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical RCE vulnerability in ZCS

Cybersecurity Threat Advisory: Critical RCE vulnerability in ZCS

There is a critical remote code execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS) version 9.0, tracked as CVE-2024-45519. The vulnerability allows unauthenticated attackers to remotely execute arbitrary commands by exploiting weaknesses in Zimbra’s SMTP PostJournal service. Review the details...

/ October 2, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: SolarWinds ARM vulnerabilities

Cybersecurity Threat Advisory: SolarWinds ARM vulnerabilities

SolarWinds has issued patches to address two vulnerabilities in its Access Rights Manager (ARM) software. Out of the two, one is a critical vulnerability that can lead to remote code execution (RCE). Review the details within this Cybersecurity Threat Advisory...

/ September 18, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Active exploitation of Ivanti CSA vulnerability

Cybersecurity Threat Advisory: Active exploitation of Ivanti CSA vulnerability

A new vulnerability known as CVE-2024-8190 is affecting Ivanti Cloud Services Appliance (CSA) and is being actively exploited. This OS command injection vulnerability allows a remote, authenticated attacker to execute arbitrary commands on the system. Review the details in this...

/ September 18, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Veeam Backup security flaws

Cybersecurity Threat Advisory: Veeam Backup security flaws

There were recently six vulnerabilities discovered in Veeam Backup and Replication. One of them is an unauthenticated remote code execution (RCE), while the other five include authenticated RCE, arbitrary file deletion, low-privileged multi-factor authentication (MFA) setting modification and MFA bypass,...

/ September 10, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Exploited Jenkins vulnerability

Cybersecurity Threat Advisory: Exploited Jenkins vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability found in Jenkins, identified as CVE-2024-23897 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalogue. This vulnerability is a path traversal flaw within the...

/ August 21, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical zero-click vulnerability in Microsoft Outlook

Cybersecurity Threat Advisory: Critical zero-click vulnerability in Microsoft Outlook

A critical zero-click remote code execution (RCE) vulnerability, identified as CVE-2024-30103, was recently discovered in Microsoft Outlook. This flaw allows malicious actors to execute arbitrary code on a victim’s system simply by opening a specially crafted email. Review the details...

/ August 15, 2024
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical zero-day vulnerability in Apache OFBiz

Cybersecurity Threat Advisory: Critical zero-day vulnerability in Apache OFBiz

CVE-2024-38856 is a new Apache OFBiz ERP system critical zero-day vulnerability. If you are using this system, please continue reading this Cybersecurity Threat Advisory to learn which steps you should take to mitigate your risk. What is the threat? Researchers...

/ August 7, 2024