Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2022-20544: Pixel Update Bulletin—December2022  |  Android Open Source Project

In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070

CVE
#vulnerability#android#google#dos#java#rce
Red Hat Security Advisory 2022-9058-01

Red Hat Security Advisory 2022-9058-01 - Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Issues addressed include code execution and deserialization vulnerabilities.

Red Hat Security Advisory 2022-9032-01

Red Hat Security Advisory 2022-9032-01 - This release of Red Hat build of Eclipse Vert.x 4.3.4 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include code execution and deserialization vulnerabilities.

CISA Alert: Veeam Backup and Replication Vulnerabilities Being Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The now-patched critical flaws, tracked as CVE-2022-26500 and CVE-2022-26501, are both rated 9.8 on the CVSS scoring system, and could be leveraged to

CVE-2021-39426: SeaCMS (2021-08-18) is a vulnerability that can cause rce · Issue #21 · seacms-com/seacms

An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set.

Meta Ponies Up $300K Bounty for Zero-Click Mobile RCE Bugs in Facebook

Facebook's parent company has also expanded bug-bounty payouts to include Oculus and other "metaverse" gadgets for AR/VR.

WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections

New research also analyzes the commoditization of adversary-in-the-middle attacks, JavaScript obfuscation in exploit kits, and a malware family with Gothic Panda ties.

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x upload.cgi Code Execution

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated remote code execution vulnerability in upload.cgi.

RHSA-2022:9058: Red Hat Security Advisory: prometheus-jmx-exporter security update

An update for prometheus-jmx-exporter is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1471: SnakeYaml: Constructor Deserialization Remote Code Execution

Critical IP spoofing bug patched in Cacti

‘Not that hard to execute if attacker has access to a monitoring platform running Cacti’