Critical RCE Flaw in the core Netgear Firmware Let Remote Attackers to Take Control of an Affected System

The cybersecurity organization GRIMM has recently announced vulnerability research towards a series of Netgear SOHO devices. The vulnerability that has been discovered generally enables remote code execution (RCE) as root and lets attackers take control of an affected system.  This vulnerability isn’t a typical router vulnerability, in this kind of vulnerability the actual source is […]

Continue Reading

Nagios XI vulnerabilities open enterprise IT infrastructure to attack

Researchers have unearthed 11 vulnerabilities affecting Nagios XI, a widely used enterprise IT infrastructure/network monitoring solution, some of which can be chained to allow remote code execution with root privileges on the underlying system. Attackers are likely to try to exploit vulnerabilities in network management systems like Nagios because their oversee critical network components and […]

Continue Reading

A malicious document could lead to RCE in Apache OpenOffice (CVE-2021-33035)

Apache OpenOffice, one of the most popular open-source office productivity software suites, sports a RCE vulnerability (CVE-2021-33035) that could be triggered via a specially crafted document. The vulnerability has been fixed in the software’s source code, but there is no official software version with the fix (though test build installers are available). About CVE-2021-33035 CVE-2021-33035 […]

Continue Reading

Plug critical VMvare vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005)

VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation, the most critical of which is CVE-2021-22005. “This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server,” the company noted. “The ramifications of this vulnerability are […]

Continue Reading