
BugAlert.org
@BugAlertDotOrg
http://BugAlert.org is a service for alerting security and IT professionals of high-impact and 0day vulnerabilities. Follow for vuln information and general updates.
A privilege escalation flaw has been found, and is being actively exploited, in Atlassian Confluence, and has been assigned a bug alert severity of 'very high'. Atlassian recommends removing installations from the Intern... bugalert.org/content/notice… #BugAlertNotice
We will be leaving Twitter in the coming days and setting up on the infosec.exchange Mastodon server. An announcement will be made when we're ready to transition. In the meantime, please consider joining our Slack. Spread the word 🙏 #BugAlertNews join.slack.com/t/bug-alert/sh…

This is a test notice, which you have opted in to. Bug Alert has completed integrating Twilio support for international calls and SMS. Save our phone number to your contacts! bugalert.org/content/notice… #BugAlertNotice
tl;dr on the OpenSSL vuln: it seemed bad originally, but then OpenSSL realized it wasn't critical after all. Treat it like any other software flaw and follow your normal patching cycle. Unlikely to be exploited in real-world configurations.
On Tuesday Nov 1st between 9-11am EDT, a security fix will be released for a critical OpenSSL 3.0.x vuln. Ubuntu 22.04 & RHEL 9 impacted. Docker ubuntu:latest also impacted. Latest releases of Alpine/Debian/AL2 not impacted, they use 1.1.x lineage. Last critical (2016) was RCE.
Still lots of unwarranted panic on this CVE, which some people are referring to as #text4shell. It's clear that this vulnerability has a number of preconditions that are unlikely to be found in the real world. There is no cause for alarm.
Bug Alert is watching CVE-2022-42889 (RCE in Apache Commons Text v1.5 - v1.9) carefully. So far, not seeing much evidence that this is widely exploitable, but we'll fire off a notice if that changes.
FYI if you host a Bitbucket install, unauth RCE: confluence.atlassian.com/bitbucketserve… Not in widespread enough use for a full-on Bug Alert notice, though.
Multiple Vulnerabilities have been disclosed in Atlassian Products. A hardcoded credential vulnerability in Questions for Confluence, and Servlet Filter Bypass Vulnerabilities have been found in multiple Atlassian produc... bugalert.org/content/notice… #BugAlertNotice
An authentication bypass vulnerability has been found in Atlassian Jira. This issue can be exploited in the default configuration, and has been assigned a bug alert severity of 'very high'. bugalert.org/content/notice… #BugAlertNotice