Displaying items by tag: cve

It seems that Amazon’s hotfix for Log4Shell in their AWS environment might have been a bit rushed. According to a review of the hot there are a total of four CVEs specifically related to the hotfix and how it functions. CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, and CVE-2022-0071 have a CVSS score of 8.8 and allow for privilege escalation and container escape. It is not often that a fix for one bad bug contains a potentially worse one, but here we are.

Apache and their open-source tools have gotten a lot of press lately. After the Lgo4Shell vulnerability in their Log4J tool, and the massive response from vendors and security organizations we are now learning that researchers have discovered a remote code execution flaw in the NoSQL database management tool Cassandra. This time, unlike Log4J flaw the disclosure comes with a patch already available for installation.

A newly released CVE (common vulnerabilities and exposures) CVE-2021-4034 for Linux has identified a vulnerability in PolKit’s (formerly PolicyKit) pkexe that exists in very major release of Linux. The vulnerability known as PwnKit can be exploited to gain full root on a target system. The flaw, according to researchers has also been present for more than 12 years.