
Tag

#rce

RHSA-2022:9023: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.5 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-3171: protobuf-java: timeout in parser leads to DoS
* CVE-2022-4116: quarkus_dev_ui: Dev UI Config Editor is vulnerable to drive-by localhost attacks leading to RCE
* CVE-2022-4147: quarkus-vertx-http: Security misconfiguration of CORS : OWASP A05_2021 level in Quarkus
* CVE-2022-31197: postgresql: SQL Injection in ResultSet.refreshRow() with mal...

Red Hat Security Data
#sql #vulnerability #web #linux #red_hat #apache #nodejs #js #java #kubernetes #rce #aws #postgres

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x (upload.cgi) Unauthenticated Remote Code Execution

SOUND4 products suffer from an unauthenticated remote code execution vulnerability. An attacker can exploit this vulnerability by abusing the firmware upgrade/upload functionality, which contains a path traversal flaw. This allows the attacker to arbitrarily write a malicious file to a location on the system with www-data permissions, which can be executed to gain unauthorized access.

Akamai WAF bypassed via Spring Boot to trigger RCE

Akamai issued an update to resolve the flaw several months ago

December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability

The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as CVE-2022-27518, could allow an unauthenticated attacker to execute commands remotely on vulnerable devices and

CVE-2022-37155: [Suggested description] RCE in SPIP 3.1.13 through 4.1.2 allows remote auth - Pastebin.com

RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via a GET parameter

Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update

Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.

GHSA-9qcm-fqj9-93m4: .NET Framework Remote Code Execution Vulnerability.

.NET Framework Remote Code Execution Vulnerability. Dupe of GHSA-2c7v-qcjp-4mg2

CVE-2022-44666

Windows Contacts Remote Code Execution Vulnerability.

CVE-2022-44702

Windows Terminal Remote Code Execution Vulnerability