sudoedit (`sudo -e`) security flaw (CVE-2023-22809)
Security vulnerability: A new sudo vulnerability was found in sudoedit (sudo -e). With it, attackers can edit arbitrary files, putting machines at risk of being pwned and having information stolen. ...
CVE vulnerabilities on Google Chrome prior to releases around Dec. 2022
Overview: Google Chrome vulnerabilities CVE-2023-0140 (and more). Chrome on Windows (and more), whose version is prior to 109.0.5414.74, is at risk of making remote attacks easy. ...
A new RCE vulnerability on Log4j 2.17.0 (CVE-2021-4483)
Log4j 2.17.1 was released because a new RCE (Remote Code Execution) vulnerability had been found in 2.17.0 (CVE-2021-4483). According to The Apache Software Foundation, CVSS is 6. ...
Log4j 2: New vulnerability on DoS in 2.16.0 and below
Log4j 2.17.0 was released for security reasons. It fixes a DoS vulnerability in 2.16.0 and below on v2. As to the new DoS (denial-of-service) vulnerability, it’s safe with a default Pattern Layout where a Context Lookup such as $${ctx:loginId} is NOT used in logging configuration. ...
New Log4j vulnerability was found in 2.15.0 which is less dangerous
As to Log4j, a new vulnerability was also found and reported in 2.15.0 as CVE-2021-45046. It was fixed in the next 2. ...
About Apache Log4j RCE vulnerability (CVE-2021-44228)
Summary: Caused by Apache Log4j’s JNDI (“Java Naming and Directory Interface”) features. How severe is it? The CVSS score is 10, the maximum, which means the highest risk. ...
Apache Log4j RCE vulnerability (CVE-2021-44228): Attack trials detected
Today, our company detected attack trials on the Apache Log4j RCE vulnerability (CVE-2021-44228), due to its JNDI (“Java Naming and Directory Interface”) features, against one of our servers in Switzerland: ...
7 post(s) found.