389 matches found
January Linux Patch Wednesday
JanuaryLinux Patch Wednesday. Out of 424 total vulnerabilities, 271 are in the Linux Kernel. None show signs of exploitation in the wild, but 9 have public exploits. RCE - Apache Tomcat CVE-2024-56337. Based on the description, the vulnerability affects "case-insensitive file systems" like Window...
AM Live Vulnerability Management Conference 2022: my impressions and position
Hello everyone! This episode will be about the AM Live Vulnerability Management online conference. I participated in it on May 17th. Alternative video link for Russia: The event lasted 2 hours. Repeating everything that has been said is difficult and makes little sense. Those who want can watch t...
CISO Forum 2022: the first major Russian security conference in the New Reality
Hello everyone! After a two-year break, I took part in Moscow CISO Forum 2022 with a small talk "Malicious open source: the cost of using someone elses code". Alternative video link for Russia: CISO Forum is the first major Russian conference since the beginning of The New Reality of Information...
New episode “In The Trend of VM” (#11): vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024
New episode "In The Trend of VM" 11: vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024. I made this episode exclusively for the Telegram channel @avleonovcom "Vulnerability Management and More". Video on YouTube, LinkedIn Post on Habr rus...
About Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972) vulnerability
About Authentication Bypass - Hunk Companion WordPress plugin CVE-2024-11972 vulnerability. ThemeHunk company develops commercial themes for WordPress CMS. And the Hunk Companion plugin is designed to complement and enhance the functionality of these themes. The plugin has over 10,000...
The severity of the Elevation of Privilege – Windows Kernel-Mode Driver (CVE-2024-35250) vulnerability has increased
The severity of the Elevation of Privilege - Windows Kernel-Mode Driver CVE-2024-35250 vulnerability has increased. This vulnerability was fixed as part of the June Microsoft Patch Tuesday. As in the case of the CVE-2024-30090 vulnerability, it was discovered by a researcher with the nickname...
Scanvus – my open source Vulnerability Scanner for Linux hosts and Docker images
Hello everyone! This video was recorded for the VMconf 22 Vulnerability Management conference, vmconf.pw. I will be talking about my open source project Scanvus. This project is already a year old and I use it almost every day. Alternative video link for Russia: Scanvus Simple Credentialed...
About Elevation of Privilege – Windows Process Activation (CVE-2025-21204) vulnerability
About Elevation of Privilege - Windows Process Activation CVE-2025-21204 vulnerability. This vulnerability from the April Microsoft Patch Tuesday was not highlighted by VM vendors in their reviews. It affects the Windows Update Stack component and is related to improper link resolution before fil...
About Remote Code Execution – Microsoft Configuration Manager (CVE-2024-43468) vulnerability
About Remote Code Execution - Microsoft Configuration Manager CVE-2024-43468 vulnerability. This vulnerability is from the October 2024 MSPT. Microsoft Configuration Manager ConfigMgr is used to manage large groups of computers, providing remote control, patch management, software distribution,...
About Authentication Bypass – FortiOS (CVE-2024-55591) vulnerability
About Authentication Bypass - FortiOS CVE-2024-55591 vulnerability. A critical flaw allows remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module. Affected systems include Fortinet devices running FortiOS e.g., FortiGate NGFW and FortiProxy. On Januar...
The Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) has become more critical
The Elevation of Privilege - Windows Common Log File System Driver CVE-2024-49138 has become more critical. Just as I wrote that nothing had been heard about this vulnerability for a month since it was first published in Microsoft's December Patch Tuesday, a public exploit for it appeared on...
The severity of the Elevation of Privilege – Microsoft Streaming Service (CVE-2024-30090) vulnerability has increased
The severity of the Elevation of Privilege - Microsoft Streaming Service CVE-2024-30090 vulnerability has increased. The vulnerability was fixed as part of the June Microsoft Patch Tuesday. At that time, no one highlighted this vulnerability. The vulnerability was discovered by a researcher with...
June Linux Patch Wednesday
JuneLinux Patch Wednesday. This time, there are 598 vulnerabilities, almost half as many as in May. Of these, 355 are in the Linux Kernel. There are signs of exploitation in the wild for 3 vulnerabilities CISA KEV. SFB - Chromium CVE-2025-2783 MemCor - Chromium CVE-2025-5419 CodeInj - Hibernate...
June Microsoft Patch Tuesday
June Microsoft Patch Tuesday. A total of 81 vulnerabilities, roughly the same as in May. Among them, 15 vulnerabilities were added between the May and June MSPT. There are 3 vulnerabilities with signs of exploitation in the wild: RCE - WEBDAV/Internet Shortcut Files CVE-2025-33053. For successful...
April Microsoft Patch Tuesday
April Microsoft Patch Tuesday. A total of 153 vulnerabilities, 2 times more than in March. Of these, 32 were added between the March and April MSPTs. Three vulnerabilities show signs of exploitation in the wild: EoP - Windows Common Log File System Driver CVE-2025-29824. An attacker can gain SYST...
About Remote Code Execution – Kubernetes (CVE-2025-1974) vulnerability
About Remote Code Execution - Kubernetes CVE-2025-1974 vulnerability. An unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. In the default...
About Authentication Bypass – PAN-OS (CVE-2025-0108) vulnerability
About Authentication Bypass - PAN-OS CVE-2025-0108 vulnerability. PAN-OS is the operating system used in all Palo Alto Network NGFWs. This vulnerability allows an unauthenticated attacker to gain access to the PAN-OS management web interface. The attacker can then "invoke certain PHP scripts",...
About Remote Code Execution – XWiki Platform (CVE-2024-31982) vulnerability
About Remote Code Execution - XWiki Platform CVE-2024-31982 vulnerability. XWiki is a free open-source wiki platform. Its main feature is simplified extensibility. XWiki is often used in corporate environments as a replacement for commercial Wiki solutions such as Atlassian Confluence. A...
CISO Forum 2017
Last week I have attended CISO Forum 2017 in Moscow. I was talking there about "Vulnerability Quadrants: automated hot topic detection in public vulnerability CVE flow". Today I want to share my impressions about the forum itself. To be short, I liked it very much. Both exhibition and...
June “In the Trend of VM” (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver
June "In the Trend of VM" 16: vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver. A traditional monthly vulnerability roundup. Post on Habr rus Digest on the PT website rus A total of 7 trending vulnerabilities: Elevation of...
Vulnerabilities of Western logistics
Vulnerabilities of Western logistics. On May 21, Western intelligence agencies released joint advisory AA25-141A about attacks targeting infrastructure of Western logistics and tech companies. Alongside the usual Five Eyes, intelligence services from Germany, Czech Republic, Poland, Denmark,...
May
MayLinux Patch Wednesday. This time: 1091 vulnerabilities. Of those, 716 are in the Linux Kernel. 5 vulnerabilities are exploited in the wild: RCE - PHP CSS Parser CVE-2020-13756. In AttackerKB, an exploit exists. DoS - Apache ActiveMQ CVE-2025-27533. In AttackerKB, an exploit exists. SFB -...
About Remote Code Execution – 7-Zip (BDU:2025-01793) vulnerability
About Remote Code Execution - 7-Zip BDU:2025-01793 vulnerability. It's about the fact that files unpacked using 7-Zip don't get the Mark-of-the-Web. As a result, Windows security mechanisms don't block the execution of the unpacked malware. If you remember, there was a similar vulnerability in...
February Linux Patch Wednesday
FebruaryLinux Patch Wednesday. There are 561 vulnerabilities in total. 338 in Linux Kernel. Formally, there is one vulnerability with a sign of exploitation in the wild: RCE - 7-Zip CVE-2025-0411. But it is about Windows MoTW and, naturally, is not exploitable on Linux. There are public exploits...
About Elevation of Privilege – Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335) vulnerability
About Elevation of Privilege - Windows Hyper-V NT Kernel Integration VSP CVE-2025-21333, CVE-2025-21334, CVE-2025-21335 vulnerability. These three vulnerabilities were disclosed as part of Microsoft's January Patch Tuesday and share the same description. They were found in a component used for...
About Remote Code Execution – Apache Struts (CVE-2024-53677) vulnerability
About Remote Code Execution - Apache Struts CVE-2024-53677 vulnerability. Apache Struts is an open source software framework for building Java web applications. It allows developers to separate the application's business logic from the user interface. Due to its scalability and flexibility, Apach...
About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)
About Remote Code Execution - Windows Lightweight Directory Access Protocol LDAP CVE-2024-49112. The vulnerability is from the December Microsoft Patch Tuesday. Three weeks later, on January 1, researchers from SafeBreach released a write-up on this vulnerability, labeled as LDAPNightmare , and a...
About Elevation of Privilege – needrestart (CVE-2024-48990) vulnerability
About Elevation of Privilege - needrestart CVE-2024-48990 vulnerability. On November 19, Qualys released a security bulletin about five privilege escalation vulnerabilities in the needrestart utility CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003 used in Ubuntu...
About Path Traversal – Zyxel firewall (CVE-2024-11667) vulnerability
About Path Traversal - Zyxel firewall CVE-2024-11667 vulnerability. A directory traversal vulnerability in the web management interface of Zyxel firewall could allow an attacker to download or upload files via a crafted URL. The vulnerability affects Zyxel ZLD firmware versions from 5.00 to 5.38,...
New episode “In The Trend of VM” (#9): 4 trending vulnerabilities of October, scandal at The Linux Foundation, social “attack on the complainer”, “Ford’s method” for motivating IT specialists to fix vulnerabilities
New episode "In The Trend of VM" 9: 4 trending vulnerabilities of October, scandal at The Linux Foundation, social "attack on the complainer", "Ford's method" for motivating IT specialists to fix vulnerabilities. The competition for the best question on the topic of VM continues. Video on YouTube...
Making Splunk searches using REST API
When you have already learned how to make search requests in Splunk GUI, it may be nice to figure out how do the same from your own scripts using the Splunk REST API. It's really easy! Ok, we have a Splunk SIEM account: user="user" pass="Password123" And we want to execute this search request:...
February Linux Patch Wednesday
FebruaryLinux Patch Wednesday. In February, Linux vendors addressed 632 vulnerabilities - 1.5× fewer than in January, including 305 in the Linux Kernel. Two vulnerabilities show signs of in-the-wild exploitation: 🔻 RCE - Chromium CVE-2026-2441 🔻 InfDisc - MongoDB "MongoBleed" CVE-2025-14847 Publi...
About Spoofing – Windows NTLM (CVE-2025-24054) vulnerability
About Spoofing - Windows NTLM CVE-2025-24054 vulnerability. It was patched in the March Microsoft Patch Tuesday. VM vendors didn't mention this vulnerability in their reviews; it was only known to be exploited via user interaction with a malicious file. A month later, on April 16, Check Point...
About Remote Code Execution – Windows OLE (CVE-2025-21298) vulnerability
About Remote Code Execution - Windows OLE CVE-2025-21298 vulnerability. The vulnerability is from the January Microsoft Patch Tuesday. OLE Object Linking and Embedding is a technology for linking and embedding objects into other documents and objects, developed by Microsoft. A common use of this...
About Elevation of Privilege – Windows Kernel Streaming WOW Thunk Service Driver (CVE-2024-38144) vulnerability
About Elevation of Privilege - Windows Kernel Streaming WOW Thunk Service Driver CVE-2024-38144 vulnerability. The vulnerability is from the August Microsoft Patch Tuesday. It wasn't highlighted in reviews; all we knew was that a local attacker could gain SYSTEM privileges. Three and a half month...
About Authentication Bypass – PAN-OS (CVE-2024-0012) vulnerability
About Authentication Bypass - PAN-OS CVE-2024-0012 vulnerability. An unauthenticated attacker with network access to the Palo Alto device web management interface could gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other...
Tracking software versions using Nessus and Splunk
Let's say you have already exported scan results from Nessus or Tenable SecurityCenter to Splunk using HTTP event connector, or in some other way. And you see that some critical software vulnerability was published. For example, this month Jira critical vulnerability. How to find out, do we have...
November Linux Patch Wednesday
NovemberLinux Patch Wednesday. In November, Linux vendors began fixing 516 vulnerabilities, one and a half times fewer than in October. Of these, 232 are in the Linux Kernel. One vulnerability is exploited in the wild: MemCor - Chromium CVE-2025-13223. Added to CISA KEV on November 19. For 64 mor...
About Elevation of Privilege – Windows Cloud Files Mini Filter Driver (CVE-2024-30085) vulnerability
About Elevation of Privilege - Windows Cloud Files Mini Filter Driver CVE-2024-30085 vulnerability. cldflt.sys is a Windows Cloud Files Mini Filter driver responsible for representing cloud-stored files and folders as if they were located on the local machine. The vulnerability in this driver,...
About Remote Code Execution – Veeam Backup & Replication (CVE-2025-23120) vulnerability
About Remote Code Execution - Veeam Backup & Replication CVE-2025-23120 vulnerability. Veeam B&R is a client-server software solution for centralized backup of virtual machines in VMware vSphere and Microsoft Hyper-V environments. A deserialization flaw CWE-502 lets an attacker run arbitrary code...
About Remote Code Execution – 7-Zip (CVE-2025-0411) vulnerability
About Remote Code Execution - 7-Zip CVE-2025-0411 vulnerability. 7-Zip is a popular, free, open-source archiver widely used by organizations as a standard tool for managing archives. The vulnerability is a bypass of the Mark-of-the-Web mechanism. If you download and run a suspicious executable fi...
What has become known about the Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later?
What has become known about the Elevation of Privilege - Windows Common Log File System Driver CVE-2024-49138 vulnerability from the December Microsoft Patch Tuesdaya month later? Almost nothing. This is a vulnerability in a standard Windows component, available in all versions starting with...
The severity of the Remote Code Execution – Microsoft SharePoint (CVE-2024-38094) vulnerability has increased
The severity of the Remote Code Execution - Microsoft SharePoint CVE-2024-38094 vulnerability has increased. It was fixed as part of the July Microsoft Patch Tuesday July 9. SharePoint is a popular platform for corporate portals. According to the Microsoft bulletin, аn authenticated attacker with...
April Microsoft Patch Tuesday
April Microsoft Patch Tuesday. A total of 167 vulnerabilities, about twice as many as in March. There is one vulnerability already being exploited in the wild: 🔻 Spoofing - Microsoft SharePoint Server CVE-2026-32201. ZDI experts say "Spoofing bugs in SharePoint often manifest as cross-site...
November “In the Trend of VM” (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux
November "In the Trend of VM" 21: vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux. The usual monthly roundup. After several months, here's a big one. Post on Habr rus Post on SecurityLab rus Digest on the PT website rus A total of nine vulnerabilities: RCE -...
About Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-32701, CVE-2025-32706) vulnerabilities
About Elevation of Privilege - Windows Common Log File System Driver CVE-2025-32701, CVE-2025-32706 vulnerabilities. When Microsoft disclosed these vulnerabilities in the May Patch Tuesday, attackers were already exploiting them in the wild. The Common Log File System CLFS is a general-purpose...
About Elevation of Privilege – PAN-OS (CVE-2024-9474) vulnerability
About Elevation of Privilege - PAN-OS CVE-2024-9474 vulnerability. An attacker with PAN-OS administrator access to the management web interface can perform actions on the Palo Alto device with root privileges. Linux commands can be injected via unvalidated input in script. The need for...
End of CentOS Linux. Where to migrate?
Hello everyone! As you probably know, CentOS Linux, the main Enterprise-level Linux server distribution, will soon disappear. It wasnt hard to predict when RedHat acquired CentOS in 2014, and now it is actually happening. End of life of CentOS Linux 8 was 31.12.2021. There wont be CentOS Linux as...
VMconf 22: Why Didn’t It Work As Planned and What’s Next?
Hello everyone! In this episode, I want to talk about VMconf 22. It was an experiment from the beginning. Is it possible to host a Vulnerability Management event with little effort and budget? Looks like no. So I would like to talk about why the original idea failed and the future of VMconf. The...
CISO Forum and the problems of Vulnerability Databases
Last Tuesday, April 24, I was at "CISO FORUM 2020: glance to the future". I presented there my report "Vulnerability Databases: sifting thousands tons of verbal ore". In this post, I'll briefly talk about this report and about the event itself. My speech was the last in the program. At the same...