#cve2022

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:

"🚨 #FortinetFlaw Alert! RCE Vulnerability in SSL VPN - Act Now! 🚨"

Fortinet's SSL VPN is in the spotlight due to a newly discovered RCE vulnerability, potentially exploited in recent attacks due to the existence of an exploit being publicly available. Identified as CVE-2022-40684 (FG-IR-24-015) (Critical/9.8 rating), this flaw allows unauthenticated attackers to execute arbitrary code. Upgrading to version 6.2.16, 6.4.15, 7.0.14, 7.2.7 or 7.4.3 eliminates this vulnerability. Security researchers urge immediate patching as exploits are likely circulating. 🛡️💻🔐

#CyberSecurity #RCE #Fortinet #Vulnerability #PatchNow #InfoSec #SSLVPN #Exploit

Source: BleepingComputer (https://www.bleepingcomputer.com/news/security/new-fortinet-rce-flaw-in-ssl-vpn-likely-exploited-in-attacks/), Tenable (https://www.tenable.com/plugins/nessus/190238)

Tags: #CVE2022-40684 #FORTIOS #SecurityUpdate #Mitigation #InfoSecCommunity #CyberThreats #FGIR24015

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:

"🚨 NGINX Ingress Vulnerabilities Exposed! 🚨"

Three new vulnerabilities have been identified in the NGINX ingress controller for Kubernetes. These vulnerabilities, tagged as CVE-2023-5043, CVE-2023-5044, and CVE-2022-4886, could potentially allow attackers to steal secret credentials from the cluster. 🕵️‍♂️🔓

- CVE-2023-5043 & CVE-2023-5044: These vulnerabilities can be exploited by attackers who can control the Ingress object's configuration. By using the annotation fields “configuration-snippet” or “permanent-redirect”, attackers can inject arbitrary code into the ingress controller process, gaining access to the service account token of the ingress controller. This token has a ClusterRole, enabling reading of all Kubernetes secrets in the cluster. 😱
- CVE-2022-4886: This vulnerability lies in the way the “path” field is used in the Ingress routing definitions. A flaw in the validation of the inner path can lead to exposure of the service account token, which is used for authentication against the API server. 🚫

Mitigation steps include updating NGINX to version 1.19 and enabling the “--enable-annotation-validation” command line configuration. 🛡️

These vulnerabilities underscore the importance of securing ingress controllers, given their high privilege scope and potential exposure to external traffic.

Source: ARMO Blog (https://www.armosec.io/blog/cve-2023-5043-nginx-ingress/) by Ben Hirschberg, CTO & Co-founder.

Tags: #NGINX #Kubernetes #Vulnerability #CyberSecurity #IngressController #CVE2023 #CVE2022 🌐🔐🔍

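An added example, not part of the post above or of the ingress-nginx project: a defender-side audit of exported cluster objects that lists Ingresses setting the two annotation fields named in the post and controller Deployments started without `--enable-annotation-validation`. The `nginx.ingress.kubernetes.io/` prefix, the `nginx-ingress-controller` binary name used to recognise controller Deployments, and the sample objects are assumptions constructed for illustration.

```python
# Default ingress-nginx annotation prefix (assumption: not overridden on the controller).
PREFIX = "nginx.ingress.kubernetes.io/"
# Annotation fields the post names for CVE-2023-5043 / CVE-2023-5044.
RISKY = ("configuration-snippet", "permanent-redirect")
# Mitigation flag quoted in the post.
VALIDATION_FLAG = "--enable-annotation-validation"

# Constructed sample, shaped like `kubectl get ingress,deployment -A -o json` output.
SAMPLE = {"kind": "List", "items": [
    {"kind": "Ingress", "metadata": {"namespace": "shop", "name": "web", "annotations": {
        PREFIX + "configuration-snippet": "add_header X-Frame-Options DENY;"}}},
    {"kind": "Ingress", "metadata": {"namespace": "shop", "name": "old-site", "annotations": {
        PREFIX + "permanent-redirect": "https://example.com/new"}}},
    {"kind": "Ingress", "metadata": {"namespace": "blog", "name": "cms", "annotations": {
        PREFIX + "rewrite-target": "/"}}},
    {"kind": "Deployment", "metadata": {"namespace": "ingress-nginx", "name": "controller"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "controller", "args": ["/nginx-ingress-controller", "--election-id=leader"]}]}}}},
]}


def risky_ingresses(doc, prefix=PREFIX):
    """Return (namespace, name, annotation) for Ingresses that set a named annotation."""
    hits = []
    for item in doc.get("items", [doc]):
        meta = item.get("metadata", {})
        if item.get("kind") != "Ingress":
            continue
        for key in sorted(meta.get("annotations") or {}):
            if key.startswith(prefix) and key[len(prefix):] in RISKY:
                hits.append((meta.get("namespace", "default"), meta.get("name"), key[len(prefix):]))
    return hits


def controllers_without_validation(doc):
    """Return (namespace, name) of controller Deployments lacking the validation flag."""
    missing = []
    for item in doc.get("items", [doc]):
        pod = item.get("spec", {}).get("template", {}).get("spec", {})
        args = [a for c in pod.get("containers", [])
                for a in (c.get("command") or []) + (c.get("args") or [])]
        # Assumption: a controller is recognised by its nginx-ingress-controller binary.
        if item.get("kind") != "Deployment" or not any("nginx-ingress-controller" in a for a in args):
            continue
        # "--flag" and "--flag=true" enable validation; anything else counts as missing.
        if not any(a in (VALIDATION_FLAG, VALIDATION_FLAG + "=true") for a in args):
            missing.append((item["metadata"].get("namespace", "default"), item["metadata"]["name"]))
    return missing


if __name__ == "__main__":
    print("Ingresses using named annotations:", risky_ingresses(SAMPLE))
    print("Controllers without validation:", controllers_without_validation(SAMPLE))
```
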
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:

"🚨 #CitrixHypervisor Security Alert! 🚨"

Citrix has identified several security issues in Citrix Hypervisor 8.2 CU1 LTSR that could potentially compromise system security. These issues include AMD-based host compromise through a PCI device (CVE-2023-34326), host compromise with specific administrative actions (CVE-2022-1304), host crashes or unresponsiveness (CVE-2023-34324), and crashing of other VMs on AMD-based hosts (CVE-2023-34327). Additionally, a security problem affecting certain AMD CPUs, which may allow code in a guest VM to access previous integer divides in code running on the same CPU core, has been disclosed as CVE-2023-20588.

Mitigating factors include the dependency on AMD CPUs and the use of specific features. Customers not using AMD CPUs or PCI passthrough features may not be affected by some of these issues.

Citrix has released multiple security updates for Citrix Hypervisor 8.2 CU1 LTSR. Several vulnerabilities have been discovered:

1. CVE-2023-34326: A threat that allows malicious privileged code in a guest VM to compromise an AMD-based host via a passed-through PCI device.
2. CVE-2022-1304: A vulnerability that can compromise the host when a specific administrative action is taken.
3. CVE-2023-34324: A flaw that can cause the host to crash or become unresponsive.
4. CVE-2023-34327: A vulnerability that can cause a different VM running on the AMD-based host to crash.
5. CVE-2023-20588: A security issue affecting certain AMD CPUs, allowing code in a guest VM to determine values from previous integer divides in code running on the same CPU core.

Citrix has provided hotfixes for these vulnerabilities. Affected users are advised to install these updates and follow the provided instructions. For more details, check the official Citrix article here (https://support.citrix.com/article/CTX575089).

Tags: #Cybersecurity #Citrix #Hypervisor #Vulnerability #AMD #CVE2023 #CVE2022 #SecurityUpdates 🛡️🔧