
93 matches found

The Hacker News
added 2025/06/26 1:24 p.m., 10 views

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers...

10 CVSS, 9.2 AI score, 0.33482 EPSS
Exploits: 12

OpenVAS
added 2025/06/11 12:0 a.m., 6 views

Microsoft Word 2016 Multiple RCE Vulnerabilities (KB5002710)

This host is missing an important security update according to Microsoft KB5002710. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

7.8 CVSS, 7.2 AI score, 0.00731 EPSS
Exploits: 0, References: 1

OSV
added 2025/05/13 12:0 a.m., 9 views

ALSA-2025:7417 Important: gimp security update

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: dds buffe...

7.8 CVSS, 7.4 AI score, 0.63756 EPSS
Exploits: 0, References: 10

OpenVAS
added 2025/04/25 12:0 a.m., 7 views

Sonos Speakers S1 App < 11.15.1, S2 App < 16.6 Multiple RCE Vulnerabilities (SSA-2024-0002)

Sonos speakers are prone to multiple remote code execution (RCE) vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

8.8 CVSS, 7.6 AI score, 0.00716 EPSS
Exploits: 0, References: 3

Github Security Blog
added 2024/10/03 7:50 p.m., 12 views

@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings

Summary The endpoint /site-structure/localizer/save-string/:lang/:defstring accepts two parameter values: lang and defstring. These values are used in an unsafe way to set the keys and value of the cfgStrings object. It allows to add/modify properties of the Object prototype that result in severa...

8.7 AI score
Exploits: 0, References: 4, Affected Software: 1

Hive Pro Threat Advisories
added 2023/11/27 6:33 a.m., 25 views

Mirai Botnet’s Offspring InfectedSlurs Exploits Dual Zero-Days

Summary: A new Mirai-based malware botnet, InfectedSlurs, is actively conducting a sophisticated campaign by exploiting two zero-day remote code execution (RCE) vulnerabilities in routers and video recorder (NVR) devices. These vulnerabilities, currently being exploited in the wild, facilitate the...

8.3 AI score
Exploits: 0

Rapid7 Blog
added 2023/10/10 8:34 p.m., 144 views

Patch Tuesday - October 2023

Microsoft is addressing 105 vulnerabilities this October Patch Tuesday, including three zero-day vulnerabilities, as well as 12 critical remote code execution (RCE) vulnerabilities, and one republished third-party vulnerability. WordPad: zero-day NTLM hash disclosure. Another Patch Tuesday, another...

7.5 CVSS, 9.2 AI score, 0.94394 EPSS
Exploits: 20

The Hacker News
added 2023/07/20 10:48 a.m., 51 views

A Few More Reasons Why RDP is Insecure (Surprise!)

If it seems like Remote Desktop Protocol (RDP) has been around forever, it's because it has, at least compared to the many technologies that rise and fall within just a few years. The initial version, known as "Remote Desktop Protocol 4.0," was released in 1996 as part of the Windows NT 4.0 Terminal...

7.8 CVSS, 7.8 AI score, 0.00688 EPSS
Exploits: 0

OpenVAS
added 2023/04/12 12:0 a.m., 19 views

Microsoft Office 2019 Multiple RCE Vulnerabilities (Apr 2023) - Mac OS X

This host is missing an important security update for Microsoft Office 2019 on Mac OS X according to Microsoft security update April 2023. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right...

7.8 CVSS, 7.7 AI score, 0.08353 EPSS
Exploits: 7, References: 1

Rapid7 Blog
added 2023/03/14 11:46 p.m., 201 views

Patch Tuesday - March 2023

Microsoft is offering fixes for 101 security issues for March 2023 Patch Tuesday, including two zero-day vulnerabilities; the most interesting of the two zero-day vulnerabilities is a flaw in Outlook which allows an attacker to authenticate against arbitrary remote resources as another user...

5 CVSS, 0.4 AI score, 0.93399 EPSS
Exploits: 40

OpenVAS
added 2023/01/11 12:0 a.m., 30 views

Microsoft Office Outlook 2019 RCE Vulnerabilities (Jan 2023) - Mac OS X

This host is missing an important security update for Microsoft Office Outlook 2019 on Mac OS X according to Microsoft security update January 2023. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective...

7.8 CVSS, 7.6 AI score, 0.03538 EPSS
Exploits: 0, References: 1

Rapid7 Blog
added 2022/12/13 9:24 p.m., 99 views

Patch Tuesday - December 2022

As far as Patch Tuesdays go, defenders have a relatively light month to close out the year with only 48 CVEs being published by Microsoft today. This does not include the 24 previously disclosed vulnerabilities affecting their Chromium-based Edge browser. There are two zero-days in the mix today...

0.9 AI score, 0.67219 EPSS
Exploits: 8

OpenVAS
added 2022/11/23 12:0 a.m., 29 views

Microsoft Office 365 (2016 Click-to-Run) Multiple RCE Vulnerabilities (Apr 2022)

This host is missing a critical security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

7.8 CVSS, 7.6 AI score, 0.02387 EPSS
Exploits: 0, References: 1

Cvelist
added 2022/09/16 12:0 a.m., 21 views

CVE-2022-36534

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution (RCE) vulnerabilities via the JobExecuteBefore and JobExecuteAfter parameters at postprofilesettings.php...

9.4 AI score, 0.74909 EPSS
Exploits: 4, References: 4

Tenable Nessus
added 2022/06/24 12:0 a.m., 56 views

SUSE SLES12 Security Update : php74 (SUSE-SU-2022:2161-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2161-1 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying...

8.8 CVSS, 9.2 AI score, 0.1024 EPSS
Exploits: 3, References: 7

OpenVAS
added 2022/06/16 12:0 a.m., 29 views

Adobe InDesign RCE Vulnerabilities (APSB22-30) - Mac OS X

Adobe InDesign is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:indesignserver";...

9.3 CVSS, 6.8 AI score, 0.04789 EPSS
Exploits: 0, References: 1

OpenVAS
added 2022/06/16 12:0 a.m., 19 views

Adobe InDesign RCE Vulnerabilities (APSB22-30) - Windows

Adobe InDesign is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:indesignserver";...

9.3 CVSS, 6.8 AI score, 0.04789 EPSS
Exploits: 0, References: 1

Hive Pro Threat Advisories
added 2022/06/15 1:18 p.m., 13 views

Microsoft addresses multiple RCE vulnerabilities in their June 2022 Patch Tuesday

Threat Level: Vulnerability Report. For a detailed advisory, download the pdf file here. Summary: Microsoft June 2022 Patch Tuesday addressed 55 security flaws. One of them is the Follina which has been addressed in another detailed advisory. Three of them have been rated critical as per Microsoft and...

1.7 AI score
Exploits: 0

OpenVAS
added 2022/05/12 12:0 a.m., 24 views

Remote Desktop Client Multiple RCE Vulnerabilities - Windows

Remote Desktop Client and is prone to RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.3 CVSS, 6.9 AI score, 0.1635 EPSS
Exploits: 0, References: 1

ThreatPost
added 2022/04/27 12:11 p.m., 78 views

Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications...

7.1 AI score
Exploits: 0, References: 9