Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534)
A critical Remote Code Execution (RCE) vulnerability identified as CVE-2024-21534 has been discovered in versions of the jsonpath-plus package before 10.0.0. This vulnerability allows attackers to execute arbitrary code on affected systems by exploiting improper input sanitization and the unsafe default usage of the vm module in Node.js. jsonpath-plus is a JavaScript implementation of JSONPath […]
Analyzing the Latest CUPS RCE Vulnerability: Threats and Mitigations
Remote Code Execution (RCE) in CUPS via ‘cups-browsed’ CUPS (Common Unix Printing System) is a popular printing system for Unix-like systems, with cups-browsed responsible for printer discovery and network browsing. A recent vulnerability in cups-browsed allows Remote Code Execution (RCE) through manipulated printer discovery responses. This vulnerability is caused by insufficient input validation on UDP […]
Critical 9.9 Linux Bug Exposes Containers, Hosts and Endpoints to Remote Code Execution (RCE) Exploits
Several critical Linux vulnerabilities have been declared, involving a bug in CUPS, the Common UNIX Printing System. All versions of Red Hat Enterprise Linux (RHEL) are among the Linux distributions affected, but not in default configuration. There are four vulnerabilities that have been identified and allocated the following CVEs – CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177. […]
Google Issues Emergency Patch for Chrome Zero-Day (CVE-2024-7965)
Overview On July 30, 2024, a critical zero-day vulnerability (CVE-2024-7965) was discovered in Google Chrome’s V8 JavaScript engine. Google swiftly responded with an emergency patch after confirming that this flaw was being actively exploited in the wild. On August 26, 2024, Google released a new Chrome version addressing this issue that all Chrome users should […]
Identify Emerging Vulnerabilities & Threats in Your Environment With Upwind’s Security Feed
We are excited to announce the release of the Upwind Security Feed – a native feed accessible from directly within the Upwind platform, providing you with constantly updated information about new and emerging attacks, zero days, and security trends that are relevant to your environment and should be investigated further. The Upwind Security Research team […]
regreSSHion: RCE in OpenSSH’s Server on glibc-based Linux Systems (CVE-2024-6387)
OpenSSH is widely known for managing secure shell connections (SSH). However, a recently discovered vulnerability in OpenSSH’s server (sshd), known as regreSSHion, has been identified. If a client does not authenticate within the LoginGraceTime (120 seconds by default, 600 seconds in older versions), sshd’s SIGALRM handler is called asynchronously. This signal handler calls functions that […]