Ghostscript bug could allow rogue documents to run system commands
Even if you’ve never heard of the venerable Ghostscript project, you may have it installed without knowing.
SQL injection vulnerabilities in Gentoo Soko could lead to remote code execution (RCE) on impacted systems. SonarSource researchers discovered two SQL injection vulnerabilities in Gentoo Soko, collectively tracked as CVE-2023-28424 (CVSS score: 9.1) [1],[2], that can be exploited by a remote attacker to execute arbitrary code on vulnerable systems. “The two package search handlers, Search […]
The post Critical SQL Injection flaws in Gentoo Soko can lead to Remote Code Execution appeared first on Security Affairs.
“Do as we say, not as we do!” – The patches took ages to come out, but don’t let that lure you into taking ages to install them.
Fortinet released security updates to fix a critical security flaw in its FortiGate firewalls that leads to remote code execution. Fortinet has released security patches to address a critical security vulnerability, tracked as CVE-2023-27997, in its FortiGate firewalls. An attacker can exploit the vulnerability to achieve remote code execution on vulnerable network equipment. The vulnerability was […]
The post Fortinet urges to patch a critical RCE flaw in Fortigate firewalls appeared first on Security Affairs.
Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, that affect several of its firewall and VPN products. A remote, unauthenticated attacker can trigger the flaws to cause a denial-of-service (DoS) […]
The post Zyxel firewall and VPN devices affected by critical flaws appeared first on Security Affairs.
Cisco is warning customers of a critical remote code execution vulnerability affecting its EoL SPA112 2-Port Phone Adapters. Cisco is warning of a critical remote code execution (RCE) vulnerability, tracked as CVE-2023-20126 (CVSS score of 9.8), impacting SPA112 2-Port phone adapters. The company product has reached end-of-life (EoL). The vulnerability resides in the web-based management […]
The post Cisco EoL SPA112 2-Port Phone Adapters are affected by critical RCE appeared first on Security Affairs.
Researchers spotted a severe unpatched remote code execution vulnerability shipped by default in Apache Superset.…
Apache Superset Shipped With Unpatched RCE Vulnerability on Latest Hacking News | Cyber Security News, Hacking Tools and Penetratio…
If you have the product, but you haven’t patched – well, the crooks have now landed, so please don’t delay. Do it today…
That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices – patch now!
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.