home.social
Sign in Create account

#secdb — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #secdb, aggregated by home.social.

  1. ZEN SecDB @[email protected] ·

    🚨 CVE-2026-45185 (Dead.Letter)

    Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

    ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

    #nttdata #zen #secdb #infosec
    #deadletter #cve202645185 #exim #gnutls

    #nttdata #zen #secdb #infosec #deadletter #cve202645185
  2. ZEN SecDB @[email protected] ·

    🚨 CVE-2026-45185 (Dead.Letter)

    Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

    ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

    #nttdata #zen #secdb #infosec
    #deadletter #cve202645185 #exim #gnutls

    #nttdata #zen #secdb #infosec #deadletter #cve202645185
  3. ZEN SecDB @[email protected] ·

    🚨 CVE-2026-45185 (Dead.Letter)

    Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

    ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

    #nttdata #zen #secdb #infosec
    #deadletter #cve202645185 #exim #gnutls

    #gnutls #exim #cve202645185 #deadletter #infosec #secdb
  4. ZEN SecDB @[email protected] ·

    🚨 [CISA-2026:0430] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

    ⚠️ CVE-2026-41940 (secdb.nttzen.cloud/cve/detail/)
    - Name: WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: WebPros
    - Product: cPanel & WHM and WP2 (WordPress Squared)
    - Notes: support.cpanel.net/hc/en-us/ar ; docs.cpanel.net/release-notes/ ; docs.wpsquared.com/changelogs/ ; nvd.nist.gov/vuln/detail/CVE-2;

    #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260430 #cisa20260430 #cve_2026_41940 #cve202641940

    #secdb #infosec #cve #cisa_kev #cisa_20260430 #cisa20260430
  5. ZEN SecDB @[email protected] ·

    🚨 [CISA-2026:0430] CISA Adds One Known Exploited Vulnerability to Catalog (secdb.nttzen.cloud/security-ad)

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

    ⚠️ CVE-2026-41940 (secdb.nttzen.cloud/cve/detail/)
    - Name: WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
    - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    - Known To Be Used in Ransomware Campaigns? Unknown
    - Vendor: WebPros
    - Product: cPanel & WHM and WP2 (WordPress Squared)
    - Notes: support.cpanel.net/hc/en-us/ar ; docs.cpanel.net/release-notes/ ; docs.wpsquared.com/changelogs/ ; nvd.nist.gov/vuln/detail/CVE-2;

    #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260430 #cisa20260430 #cve_2026_41940 #cve202641940

    #cve202641940 #cve_2026_41940 #cisa20260430 #cisa_20260430 #cisa_kev #cve
  6. ZEN SecDB @[email protected] ·

    🚨 CVE-2026-41651 (Pack2TheRoot)

    PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

    PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.

    ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

    #nttdata #zen #secdb #infosec
    #pack2theroot #cve2026411651 #packagekit #toctou

    #nttdata #zen #secdb #infosec #pack2theroot #cve2026411651
  7. ZEN SecDB @[email protected] ·

    🚨 CVE-2026-41651 (Pack2TheRoot)

    PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

    PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.

    ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

    #nttdata #zen #secdb #infosec
    #pack2theroot #cve2026411651 #packagekit #toctou

    #nttdata #zen #secdb #infosec #pack2theroot #cve2026411651
  8. ZEN SecDB @[email protected] ·

    🚨 CVE-2026-41651 (Pack2TheRoot)

    PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

    PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.

    ℹ️ Additional info on ZEN SecDB secdb.nttzen.cloud/cve/detail/

    #nttdata #zen #secdb #infosec
    #pack2theroot #cve2026411651 #packagekit #toctou

    #toctou #packagekit #cve2026411651 #pack2theroot #infosec #secdb