Overview On November 2, 2022, NSFOCUS CERT detected that openssl officially released a security notice and fixed multiple buffer overflow vulnerabilities in OpenSSL. OpenSSL is an open source software library package. Applications can use this package to communicate securely, avoid eavesdropping, and confirm the identity of the other end of...
Category: Emergency Response
Google Chrome Remote Code Execution Vulnerability (CVE-2022-3723) Alert
Overview Recently, NSFOCUS CERT monitored that Google Chrome has officially released a security bulletin and fixed a remote code execution vulnerability in Chrome V8 (JavaScript engine). Due to a type confusion vulnerability in Chrome V8, a remote attacker could exploit the vulnerability to execute arbitrary code on the target system....
Apache Dubbo Remote Code Execution Vulnerability (CVE-2022-39198) Notification
Overview On October 19, NSFOCUS CERT found that Apache issued a security notice to fix a remote code execution vulnerability (CVE-2022-39198) in Dubbo. Due to a deserialization vulnerability in Dubbo's hessian-lite, an attacker can exploit this vulnerability to remotely execute arbitrary code on the target system. Relevant users are requested...
Linux Kernel Privilege Escalation Vulnerability (CVE-2022-2588) Notification
Overview Recently, NSFOCUS CERT detected that a researcher disclosed an EXP that exists in the Linux kernel privilege escalation vulnerability (CVE-2022-2588) on the Internet. Due to improper operation of the route4_filter linked list, there is a use-after-free vulnerability in the route4_change function of the net/schedule/cls_route.c filter. By exploiting this vulnerability,...
Microsoft’s September security update for multiple high-risk product vulnerabilities
Overview On September 14, NSFOCUS CERT detected that Microsoft released the September security update patch, which fixed 63 security issues, involving widely used products such as Windows TCP/IP, .NET Framework, Windows Print Spooler Components, and Windows LDAP. Including high-risk vulnerability types such as privilege escalation and remote code execution. Among...
Apache Hadoop Remote Code Execution Vulnerability (CVE-2022-25168) Alert
Overview Recently, NSFOCUS CERT found that Apache Hadoop officially fixed a command injection vulnerability. Since Apache Hadoop's FileUtil.unTar API does not escape the input filename before passing it to the shell, an attacker could exploit this vulnerability to inject arbitrary commands and thus achieve remote code execution. Affected users are...
