Plus récents
yaracroft

CVE-2021-35520 ; CVE-2021-35521 ; CVE-2021-35522 - by exploiting these vulnerabilities, attackers can perform Remote Command Execution (RCE), cause a denial of service (DoS), and read and write arbitrary files on the device

ptsecurity.com/ww-en/about/new

0
yaracroft

CVE-2021-33909 - We discovered a size_t-to-int conversion vulnerability in the kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string //deleted to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. We successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other Linux distributions are certainly vulnerable, and probably exploitable. Our exploit requires approximately 5GB of memory and 1M inodes; we will publish it in the near future.

qualys.com/2021/07/20/cve-2021

0
yaracroft

CVE-2021-3438 - 16 Years In Hiding - Millions of Worldwide Vulnerable. This led to the discovery of a high severity vulnerability in HP, Xerox, and Samsung printer driver that has remained undisclosed for 16 years. Millions of devices and likely millions of users worldwide. This vulnerability affects a very long list of over 380 different and printer models as well as at least a dozen different products.

labs.sentinelone.com/cve-2021-

0
yaracroft

Multiples vulnerabilities discovered in products

support.apple.com/en-us/HT2012

0
yaracroft

💥 WARNING 💥 July 14, 2021 STOP and DISABLE the « Print Spooler » service on all Active Directory (AD) Domain Controllers (DC)

CISA has determined that this vulnerability poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action. This determination is based on the current exploitation of this vulnerability by threat actors in the wild, the likelihood of further exploitation of the vulnerability, the prevalence of the affected in the federal enterprise and the high potential for a compromise of agency information systems

cyber.dhs.gov/ed/21-04/

0
yaracroft

Bridge : This update addresses critical & moderate vulnerabilities that could lead to arbitrary code execution in the context of the current user

0
yaracroft

Acrobat and Reader : These updates address multiple critical & important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user

0
yaracroft

 Framemaker : This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user

0
yaracroft

 Illustrator 2021 : This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary code execution in the context of current user

0
yaracroft

Dimension : This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary code execution in the context of current user

0
yaracroft

Multiples vulnerabilities discovered in products

wiki.scn.sap.com/wiki/pages/vi

0
yaracroft

CVE-2021-22928 - A vulnerability has been identified in Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM

support.citrix.com/article/CTX

0
yaracroft

Multiples vulnerabilities discovered in Microsoft products

msrc.microsoft.com/update-guid

0
yaracroft

Multiple vulnerabilities in VMware ESXi products

vmware.com/security/advisories

0

yaracroft recommande :

informatique

2,96K

threats

2,03K

ransomware

1,24K

france

589

vuln

270

europe

125

tools

124

infosec

61

phishing

48
nanao

Comme le soleil, les machines ne se couchent jamais.

Ressources

Développeurs

Qu’est-ce que Mastodon ?

nanao.cybtex.fr

Davantage…