Astra Kernel :verified: · @AstraKernel
451 followers · 501 posts · Server infosec.exchange

✨ CVE-2022-37958:
Critical Windows code-execution vulnerability went undetected until now

▶️ Potential to rival EternalBlue

▶️ Wormable

▶️ Unlike EternalBlue, Vulnerability present in a much broader range of network protocols

▶️ Good news: patch was released in September. hopefully all of us applied it

arstechnica.com/information-te

#infosec #eternalblue #patching #securityadvisory #sysadmin #blueteam #windowsvulnerability

Last updated 2 years ago

The WA SOC has observed 4 new vulnerabilities affecting Microsoft Windows applications and services, notably CVE-2022-41128 has a CVSSv3 of 8.8.

wagov.github.io/wasocshared/#/

#securityadvisory

Last updated 2 years ago

The WA SOC has observed 3 new vulnerabilities affecting Citrix ADC and gateway products, notably CVE-2022-27510 has a CVSSv3 of 9.8. Appliances that have enabled SSL VPN functionality or are using ICA Proxy services have an authentication bypass vulnerability, that could be exploited for initial access.

wagov.github.io/wasocshared/#/

#securityadvisory

Last updated 2 years ago

#securityadvisory

Last updated 2 years ago

Marcus · @mnw
241 followers · 1421 posts · Server tilde.zone

Just a little something to worry about in the morning. openssl.org/news/secadv/202207 Just when you thought you were being safe with 2048

#openssl #securityadvisory

Last updated 2 years ago

Julien M. · @julm
485 followers · 4935 posts · Server framapiaf.org


> : A deep root in 's layer (-2021-33909)
> by creating, mounting, and deleting a deep
directory structure whose total path length exceeds 1GB [...]
> We [...] obtained full privileges on default installations
openwall.com/lists/oss-securit

#infosec #ebpf #root #cve #filesystem #linux #sequoia #securityadvisory #qualys

Last updated 3 years ago

Julien M. · @julm
485 followers · 4935 posts · Server framapiaf.org


> Compute Engine () VM takeover via flood - gain root access by getting keys added by google_guest_agent
github.com/irsl/gcp-dhcp-takeo

#ssh #dhcp #gce #google #infosec #securityadvisory

Last updated 4 years ago

Julien M. · @julm
485 followers · 4935 posts · Server framapiaf.org


"Yesterday a patchset was merged to mainline, which could be used to execute code in the kernel due to bugs in ."
openwall.com/lists/oss-securit
"commit is from 2008. So probably all currently maintained distros and deployments are affected, unless something else mitigated the issue in some kernel versions."
openwall.com/lists/oss-securit

#futexes #pi #kernel #linux #securityadvisory #infosec

Last updated 4 years ago

Julien M. · @julm
485 followers · 4935 posts · Server framapiaf.org


Heap-based buffer overflow in (-2021-3156)

"This :
- is by any local user (normal users and system users, sudoers and non-sudoers), without (i.e., the attacker does not need to know the user's password);
- was introduced in July 2011"
openwall.com/lists/oss-securit

#authentication #exploitable #vulnerability #cve #sudo #infosec #securityadvisory #qualys

Last updated 4 years ago

ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online

Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs - Intel released 40 security advisories in total, addressing critical- and high-severity flaws acros... threatpost.com/intel-update-cr -2020-12321 -2020-8752

#nuc #amt #intel #cve #vulnerabilities #securityadvisory #nextunitcomputing #intelwirelessbluetooth #activemanagementtechnology

Last updated 4 years ago

ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft - Admins should patch their Citrix ADC and Gateway installs immediately. more: threatpost.com/citrix-bugs-all -2020-8187 -2020-8190 -2020-8191 -2020-8193 -2020-8194 -2020-8195 -2020-8196 -2020-8197 -2020-8198 -2020-8199

#adc #cve #codeinjection #denialofservice #vulnerabilities #securityadvisory #criticaladvisory #informationdisclosure

Last updated 5 years ago

ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online