Summary: A flaw in the 7-Zip open-source file archiver tool could enable attackers to craft archives that bypass Windows security warnings, potentially tricking targets into launching malware. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target […]
Category Archives: Vulnerabilities
Summary: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy allows a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. Affected Products (Version | Affected | Solution): FortiOS 7.6 | Not affected | Not Applicable; FortiOS 7.4 | Not affected | Not Applicable; FortiOS 7.2 | Not affected | Not Applicable; FortiOS […]
Summary: A backdoor has been identified in versions 5.6.0 and 5.6.1 of XZ Utils (assigned CVE-2024-3094), which under some conditions may allow RCE via SSH authentication in specific versions of certain Linux distributions. Affected products: There are many distributions that are potentially impacted by CVE-2024-3094. The following vendors have publicly addressed the vulnerability: Distro Notes […]
A critical vulnerability (CVE-2021-44228) has recently been discovered that affects Log4j versions from 2.0-beta9 to 2.14.1. It can be remotely exploited by a non-authenticated attacker, allowing remote code execution (RCE). The vulnerability is rated 10 out of 10 in the Common Vulnerability Rating System (CVSS), which describes how serious the vulnerability […]
By Ionut Arghire. On Tuesday, its October 2021 Security Patch Day, SAP announced the release of 13 new security notes and an update for a previously released note. Three of the notes are rated Hot News. The most important of SAP’s security notes (https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983) deals with two critical vulnerabilities in SAP Environmental Compliance. Tracked as CVE-2020-10683 and CVE-2021-23926 (CVSS […]