Hosted on MSN

Multiple H3C Magic routers hit by critical severity remote command injection, with no fix in sight

Several H3C Magic router models have critical vulnerabilities The vulnerabilities allow for privilege escalation and command injection No patch has so far been issued for the vulnerabilities Several ...
ZDNet

SaltStack revises partial patch for command injection, privilege escalation vulnerability

The Salt Project has issued a secondary fix for a command injection vulnerability after the first attempt to patch the issue partially failed. The vulnerability, tracked as CVE-2020-28243, impacts ...
Bleeping Computer

CISA urges devs to weed out OS command injection vulnerabilities

CISA and the FBI urged software companies on Wednesday to review their products and eliminate path OS command injection vulnerabilities before shipping. Velvet Ant, the Chinese state-sponsored threat ...
Dark Reading

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

One bug — CSCwc67015 — was spotted in yet-to-be-released code. It could have allowed hackers to remotely execute their own code, and potentially overwrite most of the files on the device. The second, ...

Security experts discover critical flaw in OpenAI's Codex able to compromise entire organizations

Researchers managed to steal GitHub OAuth tokens by abusing a command injection vulnerability.