What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-06-10 20:51:38 | Threat actors exploit recently disclosed Atlassian Confluence flaw in cryptomining campaign (lien direct) | >Threat actors are exploiting the recently disclosed CVE-2022-26134 RCE in Atlassian Confluence servers to deploy cryptocurrency miners. CheckPoint researchers have observed threat actors exploiting the recently disclosed CVE-2022-26134 remote code execution vulnerability in Atlassian Confluence servers to deploy cryptocurrency miners. Last week, Atlassian warned of a critical unpatched remote code execution vulnerability affecting all Confluence […] | Vulnerability Threat | ||
|
2022-06-08 21:24:02 | 0Patch released unofficial security patch for new DogWalk Windows zero-day (lien direct) | >0patch researchers released an unofficial security patch for a Windows zero-day vulnerability dubbed DogWalk. 0patch released an unofficial security patch for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) dubbed DogWalk. The issue impacts all Windows versions, starting from Windows 7 and Server Server 2008, including the latest releases. The flaw […] | Tool Vulnerability | ||
|
2022-06-06 12:11:08 | Another nation-state actor exploits Microsoft Follina to attack European and US entities (lien direct) | >A nation-state actor is attempting to exploit the Follina flaw in a recent wave of attacks against government entities in Europe and the U.S. An alleged nation-state actor is attempting to exploit the recently disclosed Microsoft Office Follina vulnerability in attacks aimed at government entities in Europe and the U.S. On May 31, Microsoft released […] | Vulnerability | ||
|
2022-06-06 10:36:13 | Red TIM Research discovers a Command Injection with a 9,8 score on Resi (lien direct) | >During the bug hunting activity, Red Team Research (RTR) detected 2 zero-day bugs on GEMINI-NET, a RESI Informatica solution. It's been detected an OS Command Injection, which has been identified from NIST as a Critical one, its score is 9,8. This vulnerability comes from a failure to check the parameters sent as inputs into the […] | Vulnerability | ||
|
2022-06-05 18:11:36 | PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online (lien direct) | >Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. Bleeping Computer reported that starting from Friday afternoon, a proof-of-concept exploit for this issue was publicly shared. Researchers from cybersecurity firm […] | Vulnerability | ||
|
2022-06-05 09:51:08 | (Déjà vu) Atlassian rolled out fixes for Confluence zero-day actively exploited in the wild (lien direct) | >Atlassian has addressed on Friday an actively exploited critical remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. Early this week, Atlassian warned of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions, tracked as CVE-2022-26134, that is being actively exploited in attacks in the […] | Vulnerability | ||
|
2022-06-04 08:36:53 | GitLab addressed critical account take over via SCIM email change (lien direct) | >GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts. GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680 (CVSS score 9.9), that could be exploited to take over an account. The vulnerability impacts all versions starting […] | Vulnerability | ||
|
2022-06-03 10:13:39 | Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited (lien direct) | >Atlassian warned of an actively exploited critical unpatched remote code execution flaw (CVE-2022-26134) in Confluence Server and Data Center products. Atlassian is warning of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions, tracked as CVE-2022-26134, that is being actively exploited in attacks in the wild. “Atlassian has […] | Vulnerability | ||
|
2022-06-02 05:33:25 | A critical RCE flaw in Horde Webmail has yet to be addressed (lien direct) | >A remote code execution vulnerability in the open-source Horde Webmail client can allow to take over servers by sending a specially crafted email. Researchers from SonarSource discovered a remote code execution vulnerability (CVE-2022-30287) in the open-source Horde Webmail client. Horde Webmail allows users to manage contacts, the flaw could be exploited by an authenticated user […] | Vulnerability | ||
|
2022-05-27 05:58:22 | Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw (lien direct) | >Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. Horizon3 security researchers have released a proof-of-concept (PoC) exploit and technical analysis for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. The virtualization giant recently warned that a threat actor can exploit the CVE-2022-22972 flaw (CVSSv3 base score of 9.8) […] | Vulnerability Threat | ||
|
2022-05-22 15:48:25 | North Korea-linked Lazarus APT uses Log4J to target VMware servers (lien direct) | >North Korea-linked Lazarus APT is exploiting the Log4J remote code execution (RCE) in attacks aimed at VMware Horizon servers. North Korea-linked group Lazarus is exploiting the Log4J RCE vulnerability (CVE-2021-44228) to compromise VMware Horizon servers. Multiple threat actors are exploiting this flaw since January, in January VMware urged customers to patch critical Log4j security vulnerabilities impacting Internet-exposed […] | Vulnerability Threat | APT 38 | |
|
2022-05-21 11:14:50 | Cisco fixes an IOS XR flaw actively exploited in the wild (lien direct) | >Cisco addressed a medium-severity vulnerability affecting IOS XR Software, the company warns that the flaw is actively exploited in the wild. Cisco released security updates to address a medium-severity vulnerability affecting IOS XR Software, tracked as CVE-2022-20821 (CVSS score: 6.5), that threat actors are actively exploiting in attacks in the wild. The flaw resides in […] | Vulnerability Threat | ||
|
2022-05-18 21:29:54 | VMware fixed a critical auth bypass issue in some of its products (lien direct) | >VMware addressed a critical authentication bypass vulnerability “affecting local domain users” in multiple products. The virtualization giant warns that a threat actor can exploit the flaw, tracked as CVE-2022-22972 (CVSSv3 base score of 9.8), to obtain admin privileges and urges customers to install patches immediately. “This critical vulnerability should be patched or mitigated immediately per the […] | Vulnerability Threat | ||
|
2022-05-13 14:52:37 | Zyxel fixed firewall unauthenticated remote command injection issue (lien direct) | Zyxel addressed a critical flaw affecting Zyxel firewall devices that allows unauthenticated, remote attackers to gain arbitrary code execution. Zyxel has moved to address a critical security vulnerability (CVE-2022-30525, CVSS score: 9.8) affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution as the “nobody” user. The issue was discovered […] | Vulnerability | ||
|
2022-05-10 14:29:10 | Microsoft fixed RCE flaw in a driver used by Azure Synapse and Data Factory (lien direct) | Microsoft disclosed a now-fixed vulnerability in Azure Synapse and Azure Data Factory that could have allowed remote code execution. Microsoft announced to have addressed a critical remote code execution flaw, tracked as CVE-2022-29972 and named SynLapse, affecting Azure Synapse and Azure Data Factory. The vulnerability was discovered by researchers from Orca Security and resides in […] | Vulnerability | ★★ | |
|
2022-05-06 18:38:36 | QNAP fixes multiple flaws, including a QVR RCE vulnerability (lien direct) | QNAP addressed multiple vulnerabilities, including a critical remote execution flaw affecting the QVR video surveillance solution. QNAP has addressed multiple vulnerabilities, including a critical security issue, tracked as CVE-2022-27588 (CVSS score of 9.8), that could be exploited by a remote attacker to execute arbitrary commands on vulnerable QVR systems. QNAP QVR is a video surveillance […] | Vulnerability | ★★★★ | |
|
2022-05-05 19:47:00 | Google addresses actively exploited Android flaw in the kernel (lien direct) | Google released the May security bulletin for Android, 2022-05-05 security patch level, which fixed an actively exploited Linux kernel flaw. Google has released the second part of the May Security Bulletin for Android, which includes a fix for an actively exploited Linux kernel vulnerability tracked as CVE-2021-22600. The CVE-2021-22600 is a privilege escalation issue that […] | Vulnerability | ||
|
2022-05-03 14:44:16 | A DNS flaw impacts a library used by millions of IoT devices (lien direct) | A vulnerability in the domain name system (DNS) component of the uClibc library impacts millions of IoT products. Nozomi Networks warns of a vulnerability, tracked as CVE-2022-05-02, in the domain name system (DNS) component of the uClibc library which is used by a large number of IoT products. The flaw also affects DNS implementation of all versions of the uClibc-ng […] | Vulnerability | ||
|
2022-04-26 18:00:59 | Iran-linked APT Rocket Kitten exploited VMware bug in recent attacks (lien direct) | The Iran-linked APT group Rocket Kitten has been observed exploiting a recently patched CVE-2022-22954 VMware flaw. Iran-linked Rocket Kitten APT group has been observed exploiting a recently patched CVE-2022-22954 VMware Workspace ONE Access flaw to deploy ‘Core Impact’ Backdoor. The CVE-2022-22954 vulnerability is a server-side template injection remote code execution issue, it was rated 9.8 […] | Vulnerability | APT 35 | |
|
2022-04-24 13:57:11 | Atlassian addresses a critical Jira authentication bypass flaw (lien direct) | Atlassian fixed a critical flaw in its Jira software, tracked as CVE-2022-0540, that could be exploited to bypass authentication. Atlassian has addressed a critical vulnerability in its Jira Seraph software, tracked as CVE-2022-0540 (CVSS score 9.9), that can be exploited by an unauthenticated attacker to bypass authentication. A threat actor could trigger the vulnerability by […] | Vulnerability Threat | ||
|
2022-04-23 18:12:53 | Are you using Java 15/16/17 or 18 in production? Patch them now! (lien direct) | A researcher has released proof-of-concept (PoC) code for a digital signature bypass vulnerability in Java. Security researcher Khaled Nassar released a proof-of-concept (PoC) code for a new digital signature bypass vulnerability, tracked as CVE-2022-21449 (CVSS score: 7.5), in Java. The vulnerability was discovered by ForgeRock researcher Neil Madden, who notified Oracle on November 11, 2021. An […] | Vulnerability | ||
|
2022-04-22 14:07:06 | A stored XSS flaw in RainLoop allows stealing users\' emails (lien direct) | Experts disclose an unpatched vulnerability in the RainLoop webmail client, tracked as CVE-2022-29360, that can be exploited to steal users’ emails. RainLoop is an open-source web-based email client used by thousands of organizations, which is affected by a vulnerability, tracked as CVE-2022-29360, that can be exploited to steal users’ emails. The vulnerability is a stored […] | Vulnerability | ||
|
2022-04-21 11:49:20 | Static SSH host key in Cisco Umbrella allows stealing admin credentials (lien direct) | Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA) that could allow stealing admin credentials. Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), tracked as CVE-2022-20773, that could be exploited by an unauthenticated attacker to steal admin credentials remotely. Umbrella is Cisco’s cloud-based Secure Internet Gateway (SIG) […] | Vulnerability | ||
|
2022-04-20 09:42:26 | (Déjà vu) CISA adds Windows Print Spooler to its Known Exploited Vulnerabilities Catalog (lien direct) | US Critical Infrastructure Security Agency (CISA) adds a Windows Print Spooler vulnerability to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added the Windows Print Spooler, tracked as CVE-2022-22718, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have […] | Vulnerability | ||
|
2022-04-19 12:29:55 | Kaspersky releases a free decryptor for Yanluowang ransomware (lien direct) | Kaspersky discovered a flaw in the encryption process of the Yanluowang ransomware that allows victims to recover their files for free. Researchers from Kaspersky discovered a vulnerability in the encryption process of the Yanluowang ransomware that can be exploited to recover the files encrypted by the malware without paying the ransom. The Yanluowang ransomware was […] | Ransomware Malware Vulnerability | ||
|
2022-04-15 22:13:40 | Threat actors use Zimbra exploits to target organizations in Ukraine (lien direct) | Threat actors are targeting Ukrainian government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882). Ukraine’s CERT (CERT-UA) warns of threat actors that are targeting government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882). “Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch […] | Vulnerability Threat | ||
|
2022-04-15 11:51:54 | Auth bypass flaw in Cisco Wireless LAN Controller Software allows device takeover (lien direct) | Cisco fixed a critical flaw in Cisco Wireless LAN Controller (WLC) that could allow an unauthenticated, remote attacker to take control affected devices. Cisco has released security patches to fix a critical vulnerability (CVSS score 10), tracked as CVE-2022-20695, in Cisco Wireless LAN Controller (WLC). A remote, unauthenticated attacker could exploit the flaw to bypass […] | Vulnerability | ★★★★★ | |
|
2022-04-15 10:25:30 | Google fixed third zero-day in Chrome since the start of 2022 (lien direct) | Google Chrome 100.0.4896.127 addresses a new high-severity zero-day vulnerability tracked as CVE-2022-1364, actively exploited by threat actors in the wild. Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux to address a high-severity zero-day, tracked as CVE-2022-1364, that is actively exploited by threat actors in attacks. The CVE-2022-1364 zero-day is a type confusion issue […] | Vulnerability Threat | ||
|
2022-04-14 14:13:56 | (Déjà vu) CISA adds Windows CLFS Driver Privilege Escalation flaw to its Known Exploited Vulnerabilities Catalog (lien direct) | The U.S. CISA added the CVE-2022-24521 Microsoft Windows CLFS Driver Privilege Escalation Vulnerability to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-24521 privilege escalation vulnerability in Microsoft Windows Common Log File System (CLFS) Driver. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB […] | Vulnerability | ★★★★ | |
|
2022-04-14 10:42:53 | Critical VMware Workspace ONE Access CVE-2022-22954 flaw actively exploited (lien direct) | Threat actors are actively exploiting a critical vulnerability in VMware Workspace ONE Access and Identity Manager recently patched by the vendor. Threat actors are actively exploiting a critical flaw, tracked as CVE-2022-22954, in VMware Workspace ONE Access and Identity Manager recently patched by the vendor. Researchers from cyber threat intelligence BadPackets also reported that the vulnerability […] | Vulnerability Threat | ||
|
2022-04-12 11:23:22 | NGINX project maintainers fix flaws in LDAP Reference Implementation (lien direct) | The maintainers of the NGINX web server project addressed a zero-day vulnerability in the Lightweight Directory Access Protocol (LDAP) Reference Implementation. The maintainers of the NGINX web server project have released security updates to address a zero-day vulnerability that resides in its Lightweight Directory Access Protocol (LDAP) Reference Implementation. The NGINX LDAP reference implementation uses […] | Vulnerability | ||
|
2022-04-11 07:19:41 | Securing Easy Appointments and earning CVE-2022-0482 (lien direct) | Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. Another day, another threat to your data. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability affecting Easy Appointments, a popular open-source web app written in PHP, used by thousands of sites to manage their online bookings. […] | Vulnerability Threat | ||
|
2022-04-09 07:45:29 | A Mirai-based botnet is exploiting the Spring4Shell vulnerability (lien direct) | Experts warn of a Mirai-based botnet exploiting the recently discovered Spring4Shell vulnerability in attacks in the wild. Trend Micro Threat Research reported that the recently discovered Spring4Shell vulnerability (CVE-2022-22965) is actively exploited by a Mirai-based botnet. Researchers from Chinese cybersecurity firm Qihoo 360 first reported the exploitation of the Spring4Shell by a Mirai-based botnet in early April. […] | Vulnerability Threat | ||
|
2022-04-07 13:11:33 | CVE-2022-22292 flaw could allow hacking of Samsung Android devices (lien direct) | Experts discovered a vulnerability, tracked as CVE-2022-22292, which can be exploited to compromise Android 9, 10, 11, and 12 devices. Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292, in Android 9, 10, 11, and 12 devices. The vulnerability resides in the pre-installed Phone app that executes with system privileges on Samsung […] | Vulnerability | ||
|
2022-04-05 11:02:05 | CISA adds Spring4Shell flaw to its Known Exploited Vulnerabilities Catalog (lien direct) | The U.S. CISA added the recently disclosed remote code execution (RCE) vulnerability Spring4Shell to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-22965 (aka Spring4Shell, CVSS score: 9.8) flaw in the Spring Framework, along with three other issues, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) […] | Vulnerability | ||
|
2022-04-04 20:06:31 | VMware released updates to fix the Spring4Shell vulnerability in multiple products (lien direct) | VMware released security updates to address the critical remote code execution vulnerability known as Spring4Shell. VMware has published security updates to address the critical remote code execution vulnerability known as Spring4Shell (CVE-2022-22965). According to the virtualization giant, the flaw impacts many of its cloud computing and virtualization products. The Spring4Shell issue was disclosed last week, […] | Vulnerability | ||
|
2022-04-02 10:00:39 | Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts (lien direct) | GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over user accounts. The CVE-2022-1162 vulnerability is related to the set of hardcoded static passwords during OmniAuth-based registration in GitLab CE/EE. “A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, […] | Vulnerability Threat | ||
|
2022-04-02 06:37:34 | Trend Micro fixed high severity flaw in Apex Central product management console (lien direct) | Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871, in the Apex Central product management console. Cybersecurity firm Trend Micro has addressed a high severity security flaw, tracked as CVE-2022-26871, in the Apex Central product management console. The CVE-2022-26871 vulnerability is an arbitrary file upload issue, its exploitation could lead […] | Vulnerability Guideline | ||
|
2022-04-01 09:51:44 | Zyxel fixes a critical bug in its business firewall and VPN devices (lien direct) | Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment vendor Zyxel has pushed security updates for a critical flaw, tracked as CVE-2022-0342 (CVSS 9.8), that affects some of its business firewall and VPN products. The vulnerability can be exploited to take control of the […] | Vulnerability | ||
|
2022-03-31 08:59:24 | Mysterious disclosure of a zero-day RCE flaw Spring4Shell in Spring (lien direct) | An unauthenticated zero-day RCE vulnerability in the Spring Core Java framework called ‘Spring4Shell’ has been publicly disclosed. Researchers disclosed a zero-day vulnerability, dubbed Spring4Shell, in the Spring Core Java framework called ‘Spring4Shell.’ An unauthenticated, remote attacker could trigger the vulnerability to execute arbitrary code on the target system. The framework is currently maintained by Spring.io […] | Vulnerability | ||
|
2022-03-30 18:30:23 | A critical RCE vulnerability affects SonicWall Firewall appliances (lien direct) | SonicWall released security updates to address a remote code execution vulnerability that affects multiple firewall appliances. SonicWall has released security updates to address a critical vulnerability (CVE-2022-22274) that impacts multiple firewall appliances that could be exploited by an unauthenticated, remote attacker to execute arbitrary code and trigger a denial-of-service (DoS) condition. The CVE-2022-22274 is a […] | Vulnerability | ||
|
2022-03-29 07:56:15 | CISA adds Chrome, Redis bugs to the Known Exploited Vulnerabilities Catalog (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Chrome and Redis flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chome zero-day (CVE-2022-1096) and a critical Redis vulnerability (CVE-2022-0543), along with other 30 vulnerabilities, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing […] | Vulnerability | ||
|
2022-03-25 20:15:24 | Chrome emergency update fixes actively exploited a zero-day bug (lien direct) | Google addresses an actively exploited zero-day flaw with the release of Chrome 99.0.4844.84 for Windows, Mac, and Linux. Google fixed an actively exploited high-severity zero-day vulnerability with the release of Chrome 99.0.4844.84 for Windows, Mac, and Linux. Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug, tracked […] | Vulnerability | ★★★ | |
|
2022-03-18 14:38:12 | Red TIM Research (RTR) team discovers a bug on Ericsson Network Manager (lien direct) | TIM Red Team Research (RTR) researchers discovered a new flaw on Ericsson Network Manager, aka Ericsson flagship network product. TIM Red Team Research (RTR) team discovered a new vulnerability affecting Ericsson Network Manager, which is known as Ericsson flagship network product. Ericsson Network Manager and network OSS As mentioned, we're talking about an Ericsson flagship […] | Vulnerability | ||
|
2022-03-17 11:16:02 | B1txor20 Linux botnet use DNS Tunnel and Log4J exploit (lien direct) | Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel. Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20. The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured […] | Malware Vulnerability | ||
|
2022-03-15 22:40:26 | CVE-2022-0778 DoS flaw in OpenSSL was fixed (lien direct) | OpenSSL addressed a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, related to certificate parsing. OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, that affects the BN_mod_sqrt() function used when certificate parsing. The flaw was discovered by the popular Google Project Zero researchers Tavis Ormandy. An attacker can trigger the vulnerability by crafting […] | Vulnerability | ||
|
2022-03-15 11:32:01 | Dirty Pipe Linux flaw impacts most QNAP NAS devices (lien direct) | Taiwanese vendor QNAP warns most of its NAS devices are impacted by high severity Linux vulnerability dubbed ‘Dirty Pipe.’ Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by the recently discovered Linux vulnerability ‘Dirty Pipe.’ An attacker with local access can exploit the high-severity vulnerability Dirty Pipe to […] | Vulnerability | ||
|
2022-03-08 07:53:39 | Dirty Pipe Linux flaw allows gaining root privileges on major distros (lien direct) | Dirty Pipe is a Linux vulnerability, tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros. Security expert Max Kellermann discovered a Linux flaw, dubbed Dirty Pipe and tracked as CVE-2022-0847, that can allow local users to gain root privileges on all major distros. The vulnerability affects Linux Kernel […] | Vulnerability | ||
|
2022-02-24 21:53:39 | CISA adds two Zabbix flaws to its Known Exploited Vulnerabilities Catalog (lien direct) | US CISA added two flaws impacting Zabbix infrastructure monitoring tool to its Known Exploited Vulnerabilities Catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities impacting the Zabbix infrastructure monitoring tool to its Known Exploited Vulnerabilities Catalog. Threat actors are actively exploiting the two vulnerabilities that are reported in the following table: CVE ID Vulnerability Name Due […] | Tool Vulnerability Threat | ||
|
2022-02-23 11:07:11 | Horde Webmail Software is affected by a dangerous bug since 2012 (lien direct) | Experts found a nine-year-old unpatched flaw in the Horde Webmail software that could allow access to email accounts. A feature in the Horde Webmail is affected by a nine-year-old unpatched security vulnerability that could be abused to gain complete access to email accounts simply by previewing an attachment. Horde Webmail is a free, enterprise-ready, and […] | Vulnerability |
To see everything:
Our RSS (filtrered)
