Linux Kernel ksmbd Use-After-Free RCE Vulnerability
Security researchers have discovered a Critical remote code execution (RCE) vulnerability in Linux 5.15 Kernel Server Message Block (SMB) server, ksmbd.
Security researchers have discovered a Critical remote code execution (RCE) vulnerability in Linux 5.15 Kernel Server Message Block (SMB) server, ksmbd.
The Microsoft October 2022 Security Updates includes patches and advisories for 84 vulnerabilities, including 2 zero-day and 13 Critical severity issues. However, the ProxyNotShell vulnerabilities were not addressed.
The Cybersecurity and Infrastructure Security Agency (CISA) has added one Microsoft Support Diagnostic Tool (MSDT) vulnerability CVE-2022-30190 (aka “Follina”) to its Known Exploited Vulnerabilities Catalog.
The Microsoft June 2022 Security Updates includes patches and advisories for 55 vulnerabilities, three of those rated Critical severity.
It was a relatively light Patch Tuesday for Microsoft this month. The Microsoft February 2022 Security Updates includes patches and advisories for 50 vulnerabilities, 16 of those remote code execution flaws and one zero-day (CVE-2022-21989). None are rated Critical.
The Apache Software Foundation has released a new security update to address another Log4j vulnerability (CVE-2021-44832) where Log4j2 is vulnerable to remote code execution (RCE) via JDBC Appender when an attacker controls a configuration file.
Microsoft has warned of active exploits in the wild for an MSHTML RCE Vulnerability (CVE-2021-40444). The tech giant also released workarounds for the threat until a permanent fix is released.
Fortinet has patched a High risk use-after-free vulnerability (CVE-2021-32589) in FortiManager and FortiAnalyzer fgfmsd daemon. An attacker could exploit the vulnerability to launch remote code execution (RCE) as root and take control of an impacted system.
Microsoft has released the June 2021 Security updates that includes patches for 50 vulnerabilities, 5 of those rated Critical. The updates also include fixes for 6 zero-day flaws exploited in the wild.
A security researcher has published proof-of-concept (PoC) exploit code for a Windows HTTP protocol stack remote code execution (RCE) vulnerability CVE-2021-31166.