Summary: A flaw in the 7-Zip open-source file archiver tool could enable attackers to craft archives that bypass Windows security warnings, potentially tricking targets into launching malware. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target […]
Author Archives: CSIRT
Summary: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy allows a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. Affected Products (Version / Affected / Solution): FortiOS 7.6 / Not affected / Not Applicable; FortiOS 7.4 / Not affected / Not Applicable; FortiOS 7.2 / Not affected / Not Applicable; FortiOS […]
Latest CrowdStrike Update Issue: The issue seems widespread, affecting machines running various CrowdStrike sensor versions. CrowdStrike has acknowledged the problem and is currently investigating the cause. Many Windows users are experiencing Blue Screen of Death errors following a recent CrowdStrike update, according to reports and a pinned message on the company’s forum. The issue seems […]
Summary: A backdoor has been identified in versions 5.6.0 and 5.6.1 of XZ Utils (assigned CVE-2024-3094), which under some conditions may allow RCE via SSH authentication in specific versions of certain Linux distributions. Affected products: There are many distributions that are potentially impacted by CVE-2024-3094. The following vendors have publicly addressed the vulnerability: Distro Notes […]
A critical vulnerability (CVE-2021-44228) has recently been discovered that affects Log4j versions from 2.0-beta9 to 2.14.1. It is critical because it can be exploited remotely by an unauthenticated attacker, allowing remote code execution (RCE). The vulnerability is rated 10 out of 10 in the Common Vulnerability Rating System (CVSS), which describes how serious the vulnerability […]