Experimental News Clipping Site

Tag: CVE

  • Hacker News: Researchers have identified a total of 6 vulnerabilities in rsync

    by

    Kurt Seifried
    in

    Source URL: https://www.openwall.com/lists/oss-security/2025/01/14/3 Source: Hacker News Title: Researchers have identified a total of 6 vulnerabilities in rsync Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses multiple vulnerabilities identified in the rsync software, including a critical heap buffer overflow that allows arbitrary code execution with minimal access rights. This communication is especially…

  • Cisco Talos Blog: Slew of WavLink vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/slew-of-wavlink-vulnerabilities/ Source: Cisco Talos Blog Title: Slew of WavLink vulnerabilities Feedly Summary: Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application.  The Wavlink AC3000 wireless router is…

  • The Register: Microsoft fixes under-attack privilege-escalation holes in Hyper-V

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/15/patch_tuesday_january_2025/ Source: The Register Title: Microsoft fixes under-attack privilege-escalation holes in Hyper-V Feedly Summary: Plus: Excel hell, angst for Adobe fans, and life’s too Snort for Cisco Patch Tuesday The first Patch Tuesday of 2025 has seen Microsoft address three under-attack privilege-escalation flaws in its Hyper-V hypervisor, plus plenty more problems that deserve…

  • Krebs on Security: Microsoft: Happy 2025. Here’s 161 Security Updates

    by

    Kurt Seifried
    in

    Source URL: https://krebsonsecurity.com/2025/01/microsoft-happy-2025-heres-161-security-updates/ Source: Krebs on Security Title: Microsoft: Happy 2025. Here’s 161 Security Updates Feedly Summary: Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day" weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company…

  • Alerts: CISA Adds Four Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/14/cisa-adds-four-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Four Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-55591 Fortinet FortiOS Authorization Bypass Vulnerability CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability CVE-2025-21334 Microsoft Windows Hyper-V NT…

  • Cisco Talos Blog: Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/january-patch-tuesday-release/ Source: Cisco Talos Blog Title: Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities Feedly Summary: Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”  AI Summary and…

  • Microsoft Security Blog: Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/ Source: Microsoft Security Blog Title: Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions Feedly Summary: Microsoft discovered a macOS vulnerability allowing attackers to bypass System Integrity Protection (SIP) by loading third party kernel extensions, which could lead to serious consequences, such as allowing attackers to install rootkits, create persistent…

  • Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/13/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability CVE-2024-48365 Qlik Sense HTTP Tunneling Vulnerability These types of vulnerabilities…

  • The Register: Cryptojacking, backdoors abound as attackers abuse Aviatrix Controller bug

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/13/severe_aviatrix_controller_vulnerability/ Source: The Register Title: Cryptojacking, backdoors abound as attackers abuse Aviatrix Controller bug Feedly Summary: This is what happens when you publish PoCs immediately “Several cloud deployments" are already compromised following the disclosure of the maximum-severity vulnerability in Aviatrix Controller, researchers say.… AI Summary and Description: Yes Summary: The text discusses a…

  • The Register: Nominet probes network intrusion linked to Ivanti zero-day exploit

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/13/nominet_ivanti_zero_day/ Source: The Register Title: Nominet probes network intrusion linked to Ivanti zero-day exploit Feedly Summary: Unauthorized activity detected, but no backdoors found UK domain registrar Nominet is investigating a potential intrusion into its network related to the latest Ivanti zero-day exploits.… AI Summary and Description: Yes Summary: Nominet, the UK domain registrar,…