Exim Buffer Overflow RCE Vulnerability (CVE-2018-6789) – What You Need to Know

On February 10, the Unix-based email server Exim released an update to address a heap buffer overflow vulnerability that can be used by an unauthenticated attacker to remotely execute arbitrary code. The flaw, assigned CVE-2018-6789, is noted to exist in all versions of Exim prior to their latest release, 4.90.1, ...

Identifying Systems Affected by Cisco ASA Critical Vulnerability (CVE-2018-0101)

On January 29, Cisco released an advisory for a critical vulnerability in their Adaptive Security Appliance (ASA) software. The critical flaw, assigned CVE-2018-0101, has a CVSS score of 10.0 and could allow for a denial-of-service attack and remote code execution. On February 5, Cisco updated the advisory indicating they’d found ...

Apache Struts REST Plugin XStream XML Request Deserialization RCE (CVE-2017-9805)

A new critical vulnerability (S2-052) in the Apache Struts framework (CVE-2017-9805) could allow an unauthenticated attacker to run arbitrary commands on a server using the Struts framework with the popular REST communication plugin. Vulnerability details: A remote code execution vulnerability exists in Apache Struts due to an unsafe deserialization ...