Remote Code Execution Vulnerabilities
#RediShell: Redis/Valkey Get ‘Perfect 10’ Critical RCE Vuln
Richi Jennings | | CVE-2025-49844, CVSS10, Lua, open source, open source applications, open source code, open source components, Open-Source Databases, open-source-software, rce, RCE (Remote Code Execution), redis, Redis servers vulnerability, Redis vulnerabilities, RediShell, Remote Code Execution, Remote Code Execution (RCE), remote code execution attack, Remote Code Execution Exploit, remote code execution flaw, Remote Code Execution Vulnerabilities, remote code execution vulnerability, SB Blogwatch, Valkey
Redis hell: CVSS 10.0 vulnerability in ubiquitous cloud storage layer. PATCH NOW ...
Security Boulevard
Unauthorized Pipeline Jobs Flaw Patched By GitLab
Wajahat Raja | | Cybersecurity News, GitLab security flaw, path traversal vulnerabilities, pipeline jobs security flaw, Remote Code Execution Vulnerabilities, sql injection prevention
Recent media reports have shed light on GitLab rolling out another round of updates. These GitLab security updates address the pipeline jobs security flaw in the software. In this article, we’ll ...
Critical OpenSSH Vulnerability (regreSSHion) Gives Root Access
Rohan Timalsina | | Almalinux Support, CVE-2024-6387, Enterprise support for almalinux, Exploiting the vulnerability, Linux & Open Source News, linux systems, Linux vulnerability, openssh, OpenSSH security, OpenSSH Vulnerabilities, RegreSSHion, Remote Code Execution (RCE), Remote Code Execution Vulnerabilities, RootAccess, Unauthorized Remote Control
An unauthenticated remote code execution vulnerability (CVE-2024-6387) was discovered in OpenSSH, a widely used tool for secure remote access. Dubbed “regreSSHion”, this race condition vulnerability allows attackers to take complete control in ...
Critical Cacti Vulnerabilities Addressed in Latest Update
Rohan Timalsina | | arbitrary code execution, cacti, cacti security update, Cacti Vulnerabilities, CVE-2024-25641, CVE-2024-29895, Linux & Open Source News, open source, Open-Source Software Security, Remote Code Execution (RCE), Remote Code Execution Vulnerabilities, security patches, security updates, security vulnerabilites
Cacti is a popular open-source platform for monitoring network health and performance. Several vulnerabilities were discovered in Cacti, which have been patched in the latest version 1.2.27. This update is crucial for ...
Critical PixieFail Vulnerabilities Lead to RCE and DoS Attacks
Rohan Timalsina | | buffer-overflow-attacks, Cyber Threats, Denial-of-Service (DoS), Linux & Open Source News, PixieFail UEFI flaws, PixieFail Vulnerabilities, Remote Code Execution, Remote Code Execution Vulnerabilities, security vulnerabilites, UEFI firmware, Unified Extensible Firmware Interface (UEFI)
A set of critical security vulnerabilities has been found in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification. Named PixieFail by Quarkslab, ...
GitHub Vulnerability: Key Rotation Amid High-Severity Threat
Wajahat Raja | | code injection, Cybersecurity Best Practices, Cybersecurity News, Dependabot Encryption Keys, GitHub Credential Exposure, GitHub Security Measures, Privilege Escalation via Command Injection, Remote Code Execution, Remote Code Execution Vulnerabilities, vulnerability patching
In recent developments, GitHub, a Microsoft-owned subsidiary, has taken proactive measures to address a security vulnerability potentially exposing credentials within production containers. In this article, we’ll analyze the GitHub vulnerability incident, shedding ...
Apache Unomi CVE-2020-13942: RCE Vulnerabilities Discovered
Eugene Rojavski | | Apache Unomi, Blog, Codebashing, CxSAST, CxSCA, Remote Code Execution Vulnerabilities, Software Composition Analysis, Technical Blog
“Apache Unomi is a Java Open Source customer data platform, a Java server designed to manage customers, leads and visitors’ data and help personalize customers experiences,” according to its website. Unomi can ...
Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)
Dor Tumarkin | | Apache Dubbo, Apache Software Foundation, Application Security Awareness, Application Security Vulnerabilities, Blog, Checkmarx Security Research Team, Remote Code Execution Vulnerabilities, Technical Blog
Executive Summary: Having developed a high level of interest in serialization attacks in recent years, I’ve decided to put some effort into researching Apache Dubbo some months back. Dubbo, I’ve learned, deserializes ...
Apache Struts, RCEs, and the Equifax Breach Anniversary
Matthew Rose | | Apache Software Foundation, Apache Struts, Blog, closed source, CVE-2017-5638, CVE-2017-9805, CVE-2018-11776, Cybersecurity, Equifax breach, open source, Remote Code Execution Vulnerabilities, Software Exposure
We just passed the one-year anniversary of Equifax’s announcement of their massive data breach due to an exploit of an Apache Struts vulnerability (CVE-2017-5638) – and incidentally, at nearly the same time ...

