Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
CloudLinux’s security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug, leaving web servers vulnerable to code execution and takeover.
Critical Linux Kernel Bug Allows Remote Takeover
A critical Linux kernel bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other, and could allow remote takeover.
CISA warns of remote code execution vulnerability with Discourse
The CISA recently urged developers to update Discourse versions 2.7.8 and earlier, warning of a critical remote code execution (RCE) vulnerability (CVE-2021-41163) discovered in the platform.
LibreOffice, OpenOffice bug allows hackers to spoof signed docs
LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source. "Allowing anyone to sign macro-ridden documents themselves, and make them appear as trustworthy, is an excellent way to trick users into running malicious code."
Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects
A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution.