Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
7 résultats taggé vulnerabilty  ✕
Qualys TRU Uncovers Chained LPE: SUSE 15 PAM to Full Root via libblockdev/udisks | Qualys https://blog.qualys.com/vulnerabilities-threat-research/2025/06/17/qualys-tru-uncovers-chained-lpe-suse-15-pam-to-full-root-via-libblockdev-udisks
20/06/2025 09:04:35
QRCode
archive.org
thumbnail

The Qualys Threat Research Unit (TRU) has discovered two linked local privilege escalation (LPE) flaws.

The first (CVE-2025-6018) resides in the PAM configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15. Using this vulnerability, an unprivileged local attacker—for example, via SSH—can elevate to the “allow_active” user and invoke polkit actions normally reserved for a physically present user.

The second (CVE-2025-6019) affects libblockdev, is exploitable via the udisks daemon included by default on most Linux distributions, and allows an “allow_active” user to gain full root privileges. Although CVE-2025-6019 on its own requires existing allow_active context, chaining it with CVE-2025-6018 enables a purely unprivileged attacker to achieve full root access.

This libblockdev/udisks flaw is extremely significant. Although it nominally requires “allow_active” privileges, udisks ships by default on almost all Linux distributions, so nearly any system is vulnerable. Techniques to gain “allow_active”, including the PAM issue disclosed here, further negate that barrier. An attacker can chain these vulnerabilities for immediate root compromise with minimal effort. Given the ubiquity of udisks and the simplicity of the exploit, organizations must treat this as a critical, universal risk and deploy patches without delay.

The Qualys Threat Research Unit (TRU) has developed proof-of-concept exploits to validate these vulnerabilities on various operating systems, successfully targeting the libblockdev/udisks flaw on Ubuntu, Debian, Fedora, and openSUSE Leap 15.

qualys EN vulnerabilty CVE-2025-6018 CVE-2025-6019 libblockdev udisks Linux
All Major Gen-AI Models Vulnerable to ‘Policy Puppetry’ Prompt Injection Attack https://www.securityweek.com/all-major-gen-ai-models-vulnerable-to-policy-puppetry-prompt-injection-attack/
25/04/2025 21:42:03
QRCode
archive.org

A new attack technique named Policy Puppetry can break the protections of major gen-AI models to produce harmful outputs.

securityweek EN 2025 technique Gen-AI Models Policy-Puppetry AI vulnerabilty
CVE-2025-32955: Security mechanism bypass in Harden-Runner Github Action https://sysdig.com/blog/security-mechanism-bypass-in-harden-runner-github-action/
23/04/2025 08:09:24
QRCode
archive.org

The Sysdig Threat Research Team (TRT) has discovered CVE-2025-32955, a now-patched vulnerability in Harden-Runner, one of the most popular GitHub Action CI/CD security tools. Exploiting this vulnerability allows an attacker to bypass Harden-Runner’s disable-sudo security mechanism, effectively evading detection within the continuous integration/continuous delivery (CI/CD) pipeline under certain conditions. To mitigate this risk, users are strongly advised to update to the latest version.

The CVE has been assigned a CVSS v3.1 base score of 6.0.

sysdig CVE-2025-32955 EN 2025 research vulnerabilty CI/CD Harden-Runner GitHub Action
CVE-2025-29927: Next.js Middleware Authorization Bypass https://projectdiscovery.io/blog/nextjs-middleware-authorization-bypass
27/03/2025 08:44:44
QRCode
archive.org
thumbnail

Next.js is an open-source web framework built by Vercel that powers React-based apps with features like server-side and static rendering. Recently, a critical vulnerability (CVE) was disclosed that lets attackers bypass middleware-based authorization checks. The issue was originally discovered and analyzed by Rachid Allam (zhero). In this blog, we’ll break down the vulnerability and walk through their research and will create a Nuclei template to help you detect it across your assets.

projectdiscovery EN 2025 next.js vulnerabilty CVE-2025-29927 analysis
StarkeBlog - CVE Wednesday - CVE-2024-20439 https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html
21/03/2025 08:55:41
QRCode
archive.org

Cisco recently released an advisory for CVE-2024-20439 here. (nvd) Please note I did not discover this vulnerability, I just reverse engineered the vulnerability from the advisory

starkeblog EN vulnerabilty CVE-2024-20439 Cisco Smart-Licensing-Utility reverse
Critical Veeam Backup & Replication CVE-2025-23120 https://www.rapid7.com/blog/post/2025/03/19/etr-critical-veeam-backup-and-replication-cve-2025-23120/
20/03/2025 08:27:02
QRCode
archive.org
thumbnail

On Wednesday, March 19, 2025, backup and recovery software provider Veeam published a security advisory for a critical remote code execution vulnerability tracked as CVE-2025-23120. The vulnerability affects Backup & Replication systems that are domain joined. Veeam explicitly mentions that domain-joined backup servers are against security and compliance best practices, but in reality, we believe this is likely to be a relatively common configuration

rapid7 EN 2025 Replication CVE-2025-23120 vulnerabilty Veeam
Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024 https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/
14/10/2024 21:25:41
QRCode
archive.org
thumbnail

It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wild.

This must be the first time real-world attackers have reversed a patch, and reproduced a vulnerability, before some dastardly researchers released a detection artefact generator tool of their own. /s

At watchTowr's core, we're all about identifying and validating ways into organisations - sometimes through vulnerabilities in network border appliances - without requiring such luxuries as credentials or asset lists.

watchtowr EN 2024 Fortinet FortiGate CVE-2024-23113 PoC vulnerabilty analysis
4460 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio