November 21, 2024 at 10:08AM Qualys researchers revealed five critical vulnerabilities in Ubuntu Server’s needrestart utility that allow unprivileged attackers to gain root access. Though they developed exploit code, they won’t release it due to its alarming nature. Admins are urged to update to version 3.8 or later to mitigate risks. **Meeting Takeaways:** 1. **Vulnerabilities … Read more
October 17, 2024 at 02:48AM A critical security flaw (CVE-2024-9486) in Kubernetes Image Builder could allow root access due to default credentials during image builds. Addressed in version 0.1.38, users are advised to disable affected accounts and rebuild images. Additionally, related vulnerabilities in Microsoft and Apache Solr were also disclosed and patched. ### Meeting Takeaways … Read more
January 31, 2024 at 12:48PM A vulnerability in Linux’s glibc allows attackers to gain full root access, as reported by Qualys. Tracked as CVE-2023-6246, the heap-based buffer overflow in glibc’s __vsyslog_internal() function can be exploited by providing a long argv[0] or openlog() ident argument. While remote triggering is unlikely, it poses a significant risk due … Read more
October 20, 2023 at 06:17PM Cisco has disclosed two high-severity zero-day vulnerabilities, CVE-2023-20198 and CVE-2023-20273, being actively exploited to compromise Cisco IOS XE devices. The company has found fixes for both vulnerabilities and plans to release them on October 22. Over 40,000 devices have already been compromised. System administrators are urged to disable the vulnerable … Read more