Following Vulnerabilities:
CVE-2020-16898 — There’s an RCE in the Windows TCP/IP stack related to the handling of ICMPv6 Router Advertisements More
CVE-2020-16898 Highlights
- Do not disable IPv6 entirely unless you want to break Windows in interesting ways.
- This can only be exploited from the local subnet.
- But it may lead to remote code execution / BSOD
- PoC exploit is easy, but actual RCE is hard.
- Patch
Almost 800,000 internet-accessible SonicWall VPN appliances will need to be updated and patched for a major new vulnerability that was disclosed on Wednesday. 800,000 SonicWall VPNs are vulnerable to an RCE.
Discord Desktop app RCE
A few months ago, I discovered a remote code execution issue in the Discord desktop application and I reported it via their Bug Bounty Program.
The RCE I found was an interesting one because it is achieved by combining multiple bugs. In this article, I’d like to share the details.. More
Multiple vulnerabilities have been discovered in #Magento CMS, the most severe of which could allow for arbitrary code execution. More