Python programming language hurries out update to tackle remote code vulnerability
Python 3.9.1 and 3.8.8 have been rushed out by the Python Software Foundation after two security flaws. One of the two flaws is remotely exploitable, but only threatens to knock a machine offline. This remote code execution vulnerability is being tracked as CVE-2021-3177. The release of the new system upgrades
Critical Adobe Acrobat and Reader Bugs Allow RCE
On Tuesday, Adobe patched several critical and important flaws related to CVEs in Acrobat and Adobe Reader. The fixes were part of the company’s regularly scheduled security updates. 11 holes in Acrobat and Reader ranked as critical have been patched. The now-fixed flaws could allow attackers to remotely execute code
Two Critical Android Bugs Open Door to RCE
In June updates, Google and Qualcomm addressed significant vulnerabilities affecting Android users that could lead to remote code execution (RCE) on applicable devices. The bugs, CVE-2020-0117 and CVE-2020-8597, affect Android versions 8 to 10 and can allow for RCE in the context of a privileged process. An attacker could potentially
Connected Home Hubs Open Houses to Full Remote Takeover
According to researchers at ESET, three different connected home hub systems, Fibaro Home Center Lite, Homematic Central Control Unit, and Elko’s eLAN-RF-003, contain serious bugs that could allow for unauthenticated remote code execution (RCE) as well as information disclosure and man-in-the-middle attacks. The home hubs are used to connect to
RCE Exploit Released for IBM Data Risk Manager, No Patch Available
IBM has not yet patched four serious security vulnerabilities that lie in the IBM Data Risk Manager (IDRM). The vulnerabilities can lead to unauthenticated remote code execution (RCE), according to an analysis from Agile Information Security. A proof-of-concept exploit is also available for version 2.0.3. IDRM serves as a software
Over 350,000 Exchange Servers Exposed to Serious RCE Bug
According to Rapid7, over 350,000 Exchange servers across the globe remain exposed to a critical vulnerability patched by Microsoft in February. The vulnerability is actively exploited in the wild, according to researchers, and over 82% of the 433,464 Exchange servers detected are still vulnerable as of March 24. The vulnerability,
Critical Remote Code Execution Flaw Found in Open Source rConfig Utility
A security researcher has discovered two remote code execution vulnerabilities, one of which is deemed critical, in the open-source network configuration tool rConfig that thousands of network engineers are using to take snapshots of more than 7 million network devices. The critical flaw, tracked as CVE-2019-16662, makes it possible for a
Google October Android Security Update Fixes Critical RCE Flaws
Google has released patches for 28 security vulnerabilities, 11 of which were critical flaws, affecting the Android operating system. Three of the critical bugs are remote code execution (RCE) flaws that could be exploited by attackers to run arbitrary code on vulnerable devices. The RCE vulnerabilities, tracked as CVE-2019-2184, CVE-2019-2185
Critical RCE Flaw in Palo Alto Gateways Hits Uber
Tenable researchers have uncovered a remote code-execution (RCE) flaw affecting the VPN software offered by Palo Alto Networks. The vulnerability, tracked as CVE-2019-1579, was inadvertently fixed in the latest versions of the software, even though the company was unaware of it at the time. However, older versions of the VPN