Six vulnerabilities in the popular Rsync file-synchronizing tool were disclosed Wednesday, including critical and high-severity flaws that could risk remote code execution (RCE) and data leakage. The Rsync utility is commonly used in Unix-like operating systems, and the Rsync daemon is frequently used to synchronize and distribute files through public mirrors. The CERT Coordination Center … Read more
Industrial networking device maker Moxa on Jan. 3 released patches for two bugs in its cellular routers, secure routers, and network security appliances, many of which operate in the critical infrastructure sector. One of the bugs — CVE-2024-9140 — was a critical 9.3 flaw that could potentially allow a remote code execution (RCE), posing significant risk … Read more
Dec 27, 2024Ravie LakshmananVulnerability / Software Security The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and … Read more
Nov 12, 2024Ravie LakshmananVirtualization / Vulnerability Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and … Read more
Nov 09, 2024Ravie LakshmananVulnerability / Network Security Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. “Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management … Read more
