Conversation

Notices

  1. cR0w :cascadia: (cr0w@infosec.exchange)'s status on Friday, 04-Apr-2025 01:25:40 JST

    Go hack some more Ivanti shit. Someone else already has been.

    https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US

    sev:CRIT 9.0 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

    A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

    https://nvd.nist.gov/vuln/detail/CVE-2025-22457

    Edit to add:

    We are aware of a limited number of customers whose Ivanti Connect Secure (22.7R2.5 or earlier) and End-of-Support Pulse Connect Secure 9.1x appliances have been exploited at the time of disclosure. Pulse Connect Secure 9.1x reached End-of-Support on December 31, 2024, and no longer receive code support or changes.

    #ivanti #groundhogDay

    • Taggart :donor: (mttaggart@infosec.exchange)'s status on Friday, 04-Apr-2025 01:25:38 JST
      in reply to
      • buherator

      @cR0w @buherator I wish a company that decided to rebuild their edge device code in Rust would be handsomely rewarded by the market, but I know that almost nobody actually cares about these vulns, and even fewer about true systemic fixes.

    • buherator (buherator@infosec.place)'s status on Friday, 04-Apr-2025 01:25:38 JST
      in reply to
      • Taggart :donor:
      @mttaggart @cR0w I don't want unicorns, I just would like to see that shitty security QA has consequences on the market, regardless of technology.
    • cR0w :cascadia: (cr0w@infosec.exchange)'s status on Friday, 04-Apr-2025 01:25:39 JST
      in reply to
      • buherator

      @buherator That's so far down on questions I have at this point. 😆

    • buherator (buherator@infosec.place)'s status on Friday, 04-Apr-2025 01:25:40 JST
      in reply to
      @cR0w How can this company still exist?

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.