#CVE #Vim
Be careful even in #Linux when you open a file from unfamiliar sources!
And don't use Vim with default config (or cat without -v):
https://thehackernews.com/2019/06/linux-vim-vulnerability.html?m=1
#CVE #Exim
In the discussion, some mention the lack of antivirus for #Linux. It seems to me that regular backups (and checking from deployment) are more important. Not to mention the updates.
https://www.exim.org/static/doc/security/CVE-2019-10149.txt
https://habr.com/en/post/455598/
Habr
Urgently update Exim to 4.92: active infection is under way
Colleagues, anyone running Exim versions 4.87...4.91 on their mail servers: update to version 4.92 urgently, stopping Exim itself beforehand to avoid ...
#Zoom #webcam possible #CVE
https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
Medium
Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
Vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially…
#security #CVE
CVE-2019-1347: When a #mouse over a file is enough to crash your system:
https://blog.tetrane.com/2019/11/12/pe-parser-crash.html (via)
Twitter
NoNamePodcast
CVE-2019-1347: When a mouse over a file is enough to crash your system https://t.co/O4UMHFCDK5
#security #CVE
#Apple yesterday rolled out a bunch of updates for its devices, and in almost all updates a lot of different security holes have been fixed, so updates are highly recommended for installation.
https://support.apple.com/en-us/HT210919
https://support.apple.com/en-us/HT201222
Apple Support
About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra
This document describes the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra.
Forwarded from neel
SECMON - Automation Tool For Infosec And Vulnerability Management
#vulnerabilities #cybersecurity #CVE #Infosec #SECMON
https://reconshell.com/secmon-automation-tool-for-infosec-and-vulnerability-management/
#security #CVE #proxy
A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks.
https://thehackernews.com/2021/09/haproxy-found-vulnerable-to-critical.html
For the new era, a new type of information source!
Receive #CVE Trends from Twitter in one dashboard - https://cvetrends.com/
"CVE Trends gathers crowdsourced intel about CVEs from Twitter's filtered stream API and combines it with data from NIST's NVD and GitHub APIs."
CVE Trends
CVE Trends - crowdsourced CVE intel
Monitor trending CVEs in real-time; crowdsourced intel sourced from Twitter, NIST NVD, Reddit, and GitHub.
#CVE
Patch Tuesday from Microsoft
Description: https://isc.sans.edu/forums/diary/Microsoft+April+2022+Patch+Tuesday/28542/
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24521
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24491
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24497
#security #CVE #GitLab
The most critical security issue GitLab patched has the maximum severity score (10 out of 10) and is being tracked as CVE-2023-7028. Successful exploitation does not require any interaction.
https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-zero-click-account-hijacking-vulnerability/
BleepingComputer
GitLab warns of critical zero-click account hijacking vulnerability
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction.
мій смітник 🇺🇦
FixupX
The Lunduke Journal (@LundukeJournal)
Windows Notepad.exe now has a remote code execution vulnerability.
You read that right.
Notepad.exe, which used to be a simple text editor, has had so many network connect features added (including AI and Microsoft account subscriptions)… that it now has…