Overview On December 26, 2022, NSFOCUS CERT detected multiple security vulnerabilities in Linux Kernel released online, relevant users are requested to take protective measures as soon as possible. Linux Kernel Remote Code Execution Vulnerability (CVE-2022-47939): A remote code execution vulnerability exists in Linux Kernel SMB2_TREE_DISCONNECT command processing. Due to the...
Author: Jie Ji
Citrix ADC and Citrix Gateway Remote Code Execution Vulnerability (CVE-2022-27518)
Overview On December 14, NSFOCUS CERT detected that Citrix officially released a remote code execution vulnerability (CVE-2022-27518) in Citrix ADC and Gateway. Due to deficiencies in the system's control over the lifecycle of resources, an unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on a target system...
Fortinet FortiOS sslvpnd Remote Code Execution Vulnerability (CVE-2022-42475)
Overview Recently, NSFOCUS CERT detected that Fortinet officially fixed a remote code execution vulnerability (CVE-2022-42475) in FortiOS sslvpnd. Due to the flaw in sslvpnd's validation of user input, an unauthenticated attacker can trigger a buffer overflow by sending a specially crafted packet, which can eventually execute arbitrary code on the...
Thinkphp Remote Code Execution Vulnerability Alert
Overview Recently, NSFOCUS CERT has monitored that the exploit details of the Thinkphp remote code execution vulnerability are publicly disclosed on the Internet. Due to the incoming parameter inspection defect in the Thinkphp program, when Thinkphp enables the multilingual function, unauthenticated attackers can pass in parameters through get, header, cookie,...
Google Chrome V8 Type Confusion Vulnerability (CVE-2022-4262) Alert
Overview On December 5, NSFOCUS CERT found that Google officially released a type confusion vulnerability (CVE-2022-4262) in Google Chrome V8. A type confusion error occurs because a program uses one type of method to allocate or initialize a resource, such as a pointer, object, or variable, but then accesses that...
Snapd Local Privilege Escalation Vulnerability (CVE-2022-3328)
Overview On December 2, NSFOCUS CERT detected that Qualys released a local privilege escalation vulnerability (CVE-2022-3328) in Snapd. There is a conditional race vulnerability in the must_mkdir_and_open_with_perms() function in snap-confine, an attacker with normal user privileges can use Multipath Privilege Escalation Vulnerability (CVE-2022-41974) and Multipath Symbolic Link Vulnerability, bind the...
