Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

North Korean State Actors Attack Critical Bug in TeamCity Server

Known threat groups Diamond Sleet and Onyx Sleet focus on cyber espionage, data theft, network sabotage, and other malicious actions, Microsoft says.

DARKReading
#vulnerability#microsoft#git#backdoor#rce#auth
Why Do We Need Real-World Context to Prioritize CVEs?

Without the proper context, organizations waste time mitigating software flaws that won't likely affect their systems.

CVE-2023-35180

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API.

CVE-2023-35187

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution.

CVE-2023-35186: ARM 2023.2.1 Release Notes

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution.

CVE-2023-35182

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server.

Patch Now: APTs Continue to Pummel WinRAR Bug

State-sponsored cyber espionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.

Atlassian Confluence Unauthenticated Remote Code Execution

This Metasploit module exploits an improper input validation issue in Atlassian Confluence, allowing arbitrary HTTP parameters to be translated into getter/setter sequences via the XWorks2 middleware and in turn allows for Java objects to be modified at run time. The exploit will create a new administrator user and upload a malicious plugins to get arbitrary code execution. All versions of Confluence between 8.0.0 through to 8.3.2, 8.4.0 through to 8.4.2, and 8.5.0 through to 8.5.1 are affected.

Gentoo Linux Security Advisory 202310-13

Gentoo Linux Security Advisory 202310-13 - A vulnerability has been discovered in Mailutils where escape sequences are processed in a context where this may lead to RCE. Versions greater than or equal to 3.12-r3 are affected.