BestHub
Sign in
Tag

Remote Code Execution

0 views collected around this technical thread.

DevOps Operations Practice
DevOps Operations Practice
Aug 18, 2024 · Information Security

Critical Windows TCP/IP Vulnerability (CVE‑2024‑38063) Allows Remote Code Execution via IPv6

Microsoft has disclosed a critical Windows TCP/IP stack vulnerability (CVE‑2024‑38063) with a CVSS 9.8 score that enables remote code execution through specially crafted IPv6 packets, is wormable, and can spread laterally across internal networks, prompting immediate patch installation or IPv6 disabling.

CVE-2024-38063IPv6Remote Code Execution
0 likes · 3 min read
Critical Windows TCP/IP Vulnerability (CVE‑2024‑38063) Allows Remote Code Execution via IPv6
Java Tech Enthusiast
Java Tech Enthusiast
Jun 1, 2024 · Information Security

Git CVE-2024-32002 Remote Code Execution Vulnerability Analysis

The article examines Git CVE‑2024‑32002, a remote‑code‑execution flaw that lets attackers run malicious code simply by cloning a crafted repository, exploiting Git hooks, submodules and case‑insensitive symbolic‑link tricks, and advises users to verify their Git version and update to mitigate the risk.

CVE-2024-32002HooksRCE
0 likes · 9 min read
Git CVE-2024-32002 Remote Code Execution Vulnerability Analysis
Java Architect Essentials
Java Architect Essentials
Nov 22, 2023 · Information Security

Apache ActiveMQ Remote Code Execution Vulnerability and Mitigation for JDK8/Docker Environments

The article explains the critical remote code execution vulnerability discovered in Apache ActiveMQ, lists the affected and safe versions, and provides practical mitigation steps—including upgrading, network restrictions, and a custom Docker image for JDK8 users—to protect systems from exploitation.

Apache ActiveMQDockerJDK8
0 likes · 4 min read
Apache ActiveMQ Remote Code Execution Vulnerability and Mitigation for JDK8/Docker Environments
Laravel Tech Community
Laravel Tech Community
Oct 29, 2023 · Information Security

Remote Code Execution Vulnerability in Apache ActiveMQ < 5.18.3 (Deserialization)

Apache ActiveMQ versions prior to 5.18.3 are vulnerable to a deserialization flaw that allows remote code execution via crafted OpenWire messages on port 61616, affecting various activemq-client and activemq-openwire-legacy artifacts, and can be mitigated by upgrading to 5.15.16, 5.16.7, 5.17.6, 5.18.3 or later.

Apache ActiveMQMessaging MiddlewareRemote Code Execution
0 likes · 3 min read
Remote Code Execution Vulnerability in Apache ActiveMQ < 5.18.3 (Deserialization)
Laravel Tech Community
Laravel Tech Community
Aug 8, 2023 · Information Security

OpenSSH ssh-agent Client Remote Code Execution Vulnerability (CVE-2023-38408)

A critical OpenSSH ssh-agent vulnerability (CVE-2023-38408) allows attackers to execute arbitrary code on the client by forwarding the agent and loading a malicious shared library, affecting all ssh-agent versions up to 9.3p2 and OpenSSH versions up to 9.3p2‑1, with mitigation recommendations to disable forwarding and upgrade the package.

CVE-2023-38408OpenSSHRemote Code Execution
0 likes · 3 min read
OpenSSH ssh-agent Client Remote Code Execution Vulnerability (CVE-2023-38408)
Laravel Tech Community
Laravel Tech Community
Jan 29, 2023 · Information Security

Git Security Vulnerabilities CVE-2022-41903 and CVE-2022-23521: Integer Overflows in Pretty Formatting and Gitattributes

Git released maintenance versions fixing critical security issues CVE-2022-41903 and CVE-2022-23521, which stem from integer overflows in the pretty formatting code and gitattributes parsing, potentially allowing arbitrary heap reads/writes and remote code execution via crafted git log formats or malicious .gitattributes files.

CVERemote Code Executiongit
0 likes · 3 min read
Git Security Vulnerabilities CVE-2022-41903 and CVE-2022-23521: Integer Overflows in Pretty Formatting and Gitattributes
Laravel Tech Community
Laravel Tech Community
Dec 15, 2022 · Information Security

Top 10 Notable Security Vulnerabilities of 2022

This article surveys the most dangerous 2022 security flaws—including Follina, Log4Shell, Spring4Shell, F5 BIG‑IP, Chrome zero‑day, Office, ProxyNotShell, Zimbra, Confluence, and Zyxel—detailing their impact, exploitation by threat actors, and the importance of timely patching.

2022CVERemote Code Execution
0 likes · 8 min read
Top 10 Notable Security Vulnerabilities of 2022
Laravel Tech Community
Laravel Tech Community
Oct 18, 2022 · Information Security

Linux Kernel Remote Code Execution Vulnerability (CVE-2022-42721)

A remote code execution vulnerability (CVE-2022-42721) affecting Linux kernel versions 5.1 through 5.19.14 allows local attackers to inject malicious WLAN frames that corrupt the mac80211 BSS handling list, enabling execution of arbitrary code, and can be mitigated by upgrading to kernel 5.19.15 or later.

PatchRemote Code Executioncve-2022-42721
0 likes · 2 min read
Linux Kernel Remote Code Execution Vulnerability (CVE-2022-42721)
Laravel Tech Community
Laravel Tech Community
Sep 4, 2022 · Information Security

Remote Code Execution Vulnerability in GitLab GitHub Import API (CVE-2022-2992)

A remote code execution vulnerability (CVE-2022-2992) affecting GitLab versions 11.10 through 15.3.2 allows authenticated users to execute arbitrary code via the GitHub import API, and can be mitigated by upgrading to patched releases or disabling the import feature.

CVE-2022-2992Remote Code Executiongitlab
0 likes · 3 min read
Remote Code Execution Vulnerability in GitLab GitHub Import API (CVE-2022-2992)
DevOps Cloud Academy
DevOps Cloud Academy
Jun 5, 2022 · Information Security

Critical Remote Code Execution Vulnerability CVE-2022-26134 in Atlassian Confluence – Description, Impact, and Mitigation Steps

Atlassian Confluence suffers a severe, easily exploitable remote code execution flaw (CVE-2022-26134) that allows unauthenticated attackers to run arbitrary commands, affecting multiple versions and prompting both official upgrade recommendations and detailed temporary mitigation procedures, while Xmirror's Cloud Shark RASP offers innate protection.

CVE-2022-26134ConfluenceRASP
0 likes · 9 min read
Critical Remote Code Execution Vulnerability CVE-2022-26134 in Atlassian Confluence – Description, Impact, and Mitigation Steps
Java Architecture Diary
Java Architecture Diary
May 24, 2022 · Information Security

Fastjson ≤1.2.80 Deserialization Flaw Enables Remote Code Execution – How to Protect Your Systems

A critical deserialization flaw in Fastjson versions up to 1.2.80 allows attackers to bypass autoType restrictions and achieve remote code execution, affecting Spring Cloud Alibaba Sentinel users, with mitigation steps and version-specific fixes detailed for both open‑source and commercial releases.

Remote Code ExecutionSpring Cloud Alibaba Sentinelcommercial
0 likes · 2 min read
Fastjson ≤1.2.80 Deserialization Flaw Enables Remote Code Execution – How to Protect Your Systems
Code Ape Tech Column
Code Ape Tech Column
Mar 5, 2022 · Information Security

Spring Cloud Gateway Vulnerabilities CVE-2022-22946 and CVE-2022-22947: Description, Impact, and Mitigation

This article explains two critical Spring Cloud Gateway vulnerabilities (CVE-2022-22946 and CVE-2022-22947), detailing their causes, affected versions, potential impact, and recommended remediation steps such as upgrading to safe releases or disabling the vulnerable actuator endpoint.

CVERemote Code ExecutionSpring Boot
0 likes · 4 min read
Spring Cloud Gateway Vulnerabilities CVE-2022-22946 and CVE-2022-22947: Description, Impact, and Mitigation
Java Architecture Diary
Java Architecture Diary
Mar 4, 2022 · Information Security

How to Prevent the Spring Cloud Gateway RCE Vulnerability (CVE‑2022‑22947)

This article explains the remote code execution flaw in Spring Cloud Gateway's Actuator endpoint (CVE‑2022‑22947), lists the affected versions, and provides mitigation steps such as restricting endpoint exposure, upgrading to patched releases, and applying operational hardening best practices.

ActuatorCVE-2022-22947Remote Code Execution
0 likes · 3 min read
How to Prevent the Spring Cloud Gateway RCE Vulnerability (CVE‑2022‑22947)
Architecture Digest
Architecture Digest
Dec 21, 2021 · Information Security

Apache Log4j2 Remote Code Execution Vulnerability Exploitation Guide

This article introduces Apache Log4j2, explains the remote code execution vulnerability caused by unsafe JNDI lookups, provides step‑by‑step environment setup, PoC code, exploitation instructions, and outlines official patches and temporary mitigation measures for developers and security engineers.

JavaMitigationRemote Code Execution
0 likes · 5 min read
Apache Log4j2 Remote Code Execution Vulnerability Exploitation Guide
Laravel Tech Community
Laravel Tech Community
Dec 13, 2021 · Information Security

Apache Log4j2 Remote Code Execution Vulnerability: Description, Impact, and Mitigation Steps

On December 10, a critical remote code execution vulnerability in Apache Log4j 2.x (≤ 2.14.1) was disclosed, allowing attackers to execute arbitrary code via JNDI injection; the article explains the flaw, affected components, detection methods, and urgent remediation measures such as disabling lookups and upgrading to safe versions.

JNDI injectionMitigationRemote Code Execution
0 likes · 5 min read
Apache Log4j2 Remote Code Execution Vulnerability: Description, Impact, and Mitigation Steps
macrozheng
macrozheng
Dec 12, 2021 · Information Security

Unpacking the Log4j2 Log4Shell Vulnerability: How JNDI Injection Works

This article breaks down the widely publicized Log4j2 (Log4Shell) flaw, explaining the underlying JNDI and LDAP lookup mechanisms, how malicious payloads are executed through log messages, the massive impact across Java ecosystems, and the steps needed to remediate the issue.

JNDI injectionJava securityRemote Code Execution
0 likes · 10 min read
Unpacking the Log4j2 Log4Shell Vulnerability: How JNDI Injection Works
Top Architect
Top Architect
Dec 10, 2021 · Information Security

Log4j 2 Vulnerability Overview and Mitigation Measures

The article explains the Log4j 2 remote code execution vulnerability affecting versions up to 2.14.1, describes its impact, lists affected components, and provides both permanent upgrade instructions and urgent mitigation steps such as JVM flags, configuration changes, and environment variable settings.

JavaMitigationRemote Code Execution
0 likes · 3 min read
Log4j 2 Vulnerability Overview and Mitigation Measures
Architecture Digest
Architecture Digest
Jun 27, 2020 · Information Security

Apache Dubbo Remote Code Execution Vulnerability (CVE-2020-1948): Background, Risk Assessment, Affected Versions, and Mitigation

The article details the high‑severity CVE‑2020‑1948 remote code execution flaw in Apache Dubbo, describing its background, risk rating, affected versions, remediation steps, asset‑mapping data, and a timeline of disclosures to help users protect their Java RPC services.

Apache DubboCVE-2020-1948Java
0 likes · 4 min read
Apache Dubbo Remote Code Execution Vulnerability (CVE-2020-1948): Background, Risk Assessment, Affected Versions, and Mitigation
FunTester
FunTester
Jun 1, 2020 · Information Security

Fastjson <=1.2.68 Remote Code Execution Vulnerability and Mitigation Recommendations

Tencent Cloud Security reports that Fastjson versions up to 1.2.68 contain a high‑risk remote code execution vulnerability exploitable via the autotype feature, allowing attackers to gain server system privileges, and recommends immediate updates, enabling SafeMode, or replacing the library with alternatives such as Jackson‑databind or Gson.

JavaPatchRemote Code Execution
0 likes · 3 min read
Fastjson <=1.2.68 Remote Code Execution Vulnerability and Mitigation Recommendations
macrozheng
macrozheng
Mar 3, 2020 · Information Security

Exploiting Apache Tomcat AJP File Inclusion (CVE‑2020‑1938) for Remote Code Execution

This article analyzes the high‑severity Apache Tomcat AJP file‑inclusion vulnerability (CVE‑2020‑1938), detailing affected versions, the underlying code flaw, how attackers can read arbitrary files and achieve remote code execution, and provides concrete upgrade recommendations to mitigate the risk.

AJPApache TomcatCVE-2020-1938
0 likes · 7 min read
Exploiting Apache Tomcat AJP File Inclusion (CVE‑2020‑1938) for Remote Code Execution