Researchers have disclosed details of two critical security vulnerabilities (CVE-2021-45467) in Control Web Panel, an open-source Linux control panel software used for deploying web hosting environments, that could be abused as pa...
Apache OpenOffice (AOO) is currently affected by a remote code execution vulnerability (CVE-2021-33035) recently discovered by security researcher Eugene Lim, and while the app's source code has been patched, the fix has only been made available as beta software and awaits an official release.
Azure users running Linux VMs may not be aware they have a severely vulnerable piece of management software installed on their machine by Microsoft, which can be remotely exploited in an incredibly surprising and equally stupid way. "This is a textbook RCE vulnerability that you would expect to see in the 90's -- it's highly unusual to have one crop up in 2021 that can expose millions of endpoints," Wiz security researcher Nir Ohfeld wrote.
A critical security vulnerability (CVE-2021-40346) has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that an adversary could possibly abuse to smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. HAProxy has released an upgrade that remediates the weakness by adding size checks for the name and value lengths.