RCE

Sophos

More than 4,000 Sophos Firewall devices are vulnerable to RCE attacks

More than 4,000 Sophos Firewall devices exposed to the Internet are vulnerable to attacks targeting a critical remote code execution (RCE) vulnerability. Sophos disclosed this code injection flaw (CVE-2022-3236), located in the User Portal and Webadmin of Sophos Firewall, in September and also released hotfixes for several Sophos Firewall releases (the official fixes were …


Zoho

Researchers release PoC exploit for critical Zoho RCE bug, patch now

A proof-of-concept exploit will be released later this week for a critical vulnerability that allows remote code execution (RCE) without authentication in multiple VMware products. Tracked as CVE-2022-47966, this pre-authentication RCE flaw stems from the use of an outdated and vulnerable third-party dependency, Apache Santuario. A successful exploit allows unauthenticated threat actors …


Supply chain

Auth0 Fixes an RCE flaw in the JsonWebToken library used by 22,000 projects

Auth0 has fixed a remote code execution vulnerability in the hugely popular open source library “JsonWebToken” which is used by over 22,000 projects and downloaded over 36 million times per month on NPM. The library is used in open source projects created by Microsoft, Twilio, Salesforce, Intuit, Box, IBM, Docusign, Slack, SAP, and many more. …
