CVE-2021-44228,CVE-2021-45046,CVE-2021-4104: 有关 Log4Shell 和关联漏洞的常见问题
与 Log4Shell 和相关漏洞相关的常见问题列表。
Microsoft’s December 2021 Patch Tuesday Addresses 67 CVEs (CVE-2021-43890)
Microsoft addresses 67 CVEs in its December 2021 Patch Tuesday release, including a zero-day vulnerability that has been exploited in the wild.
Apache Log4j 缺陷:网络安全行业的福岛时刻
Organizations around the world will be dealing with the long-tail consequences of this vulnerability, known as Log4Shell, for years to come.
Apache Log4j 缺陷让第三方软件成为关注焦点
Even in the most mature organizations, addressing the issue, also known as Log4Shell, requires a complex mix of software development practices, vulnerability management and web application scanning.
CVE-2021-44228: Apache Log4j 严重远程代码执行漏洞概念验证现已可用 (Log4Shell)
常用日志记录库 Log4j 2 中的严重漏洞影响了许多服务和应用程序,包括 Minecraft、Steam 和 Apple iCloud。攻击者已经开始主动扫描并试图利用该缺陷。
CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited
The Apache HTTP Server Project patched a path traversal vulnerability introduced less than a month ago that has been exploited in the wild.Update October 7: The Solution section has been updated to reflect the secondary fix the Apache HTTP Server Project released.BackgroundOn October 5, the Apache…
CVE-2021-38647 (OMIGOD): Critical Flaw Leaves Azure Linux VMs Vulnerable to Remote Code Execution
Agents installed by default on Azure Linux virtual machines are vulnerable to a remote code execution flaw that can be exploited with a single request. Background On September 14, researchers at Wiz disclosed a set of four vulnerabilities in Microsoft’s Open Management Infrastructure (OMI), an…
CVE-2021-34527: Microsoft Releases Out-of-Band Patch for PrintNightmare Vulnerability in Windows Print Spooler
Microsoft issues an out-of-band patch for critical ‘PrintNightmare’ vulnerability following reports of in-the-wild exploitation and publication of multiple proof-of-concept exploit scripts Update July 9, 2021: The Solution section has been updated to clarify the vulnerable configurations as well…
Elon Musk and YouTube Advertising Scams: Fake SpaceX “Coin” Promoted in Ads During Cryptocurrency Videos
Scammers are on pace to steal nearly $1 million USD from unsuspecting users through a popular decentralized finance protocol, Uniswap, by abusing YouTube to promote a fake SpaceX coin as part of ads appearing before and during cryptocurrency videos.BackgroundIn early May, scammers compromised…
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065: Four Zero-Day Vulnerabilities in Microsoft Exchange Server Exploited in the Wild
Four zero-day vulnerabilities in Microsoft Exchange servers have been used in chained attacks in the wild.Update March 8, 2021: The Identifying Affected Systems section has been updated with information about the availability of additional plugins as well as a link to our blog post that details…
CVE-2020-14882:Oracle WebLogic 远程代码执行漏洞在现实环境中遭利用
A remote code execution vulnerability in Oracle WebLogic Server has been actively exploited in the wild just one week after a patch was released and one day after a proof of concept was published.Update October 30, 2020: The solutions section has been updated to reflect the disclosure of a…
Multiple Vulnerabilities in CodeMeter Leave Managed Industrial Control Systems Open to Attack
Six vulnerabilities in a popular license management product put industrial control systems at risk for remote attacks. Background On September 8, researchers at Claroty published their detailed analysis, dubbed “License to Kill,” covering several vulnerabilities they discovered in CodeMeter…
