Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/screaminggoat/statuses/113986875105156497">screaminggoat (screaminggoat@infosec.exchange)'s status on Thursday, 13-Feb-2025 03:41:56 JST</a><a href="https://infosec.exchange/@screaminggoat" title="screaminggoat@infosec.exchange"><img src="https://gnusocial.jp/avatar/278335-48-20250102170004.webp" width="48" height="48" alt="screaminggoat" style="position: absolute; left: 0; top: 0;">screaminggoat</a><div><a href="https://infosec.exchange/@screaminggoat/113986664467851624" rel="in-reply-to">in reply to</a></div></section><article><p>CISA: <a href="https://www.cisa.gov/news-events/alerts/2025/02/11/cisa-adds-four-known-exploited-vulnerabilities-catalog" rel="nofollow">CISA Adds Four Known Exploited Vulnerabilities to Catalog</a></p><ul><li><a href="https://www.cve.org/CVERecord?id=CVE-2025-21418" rel="nofollow">CVE-2025-21418</a> (7.8 high) Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2025-21391" rel="nofollow">CVE-2025-21391</a> (7.1 high) Microsoft Windows Storage Link Following Vulnerability</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2024-40890" rel="nofollow">CVE-2024-40890</a> (8.8 high) Zyxel DSL CPE OS Command Injection Vulnerability</li><li><a href="https://www.cve.org/CVERecord?id=CVE-2024-40891" rel="nofollow">CVE-2024-40891</a> (8.8 high) Zyxel DSL CPE OS Command Injection Vulnerability</li></ul><p>The Zyxel stuff is not new, but since the Microsoft zero-days are part of <a href="https://infosec.exchange/tags/PatchTuesday" rel="tag">#PatchTuesday</a>, I'm including them in this conversation.</p><p><a href="https://infosec.exchange/tags/cisa" rel="tag">#cisa</a> <a href="https://infosec.exchange/tags/kev" rel="tag">#kev</a> <a href="https://infosec.exchange/tags/cisakev" rel="tag">#cisakev</a> <a href="https://infosec.exchange/tags/KnownExploitedVulnerabilitiesCatalog" rel="tag">#KnownExploitedVulnerabilitiesCatalog</a> <a href="https://infosec.exchange/tags/vulnerability" rel="tag">#vulnerability</a> <a href="https://infosec.exchange/tags/zeroday" rel="tag">#zeroday</a> <a href="https://infosec.exchange/tags/eitw" rel="tag">#eitw</a> <a href="https://infosec.exchange/tags/activeexploitation" rel="tag">#activeexploitation</a> <a href="https://infosec.exchange/tags/infosec" rel="tag">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" rel="tag">#cybersecurity</a> <a href="https://infosec.exchange/tags/cve" rel="tag">#cve</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4554181#notice-8915714">In conversation</a><time datetime="2025-02-13T03:41:56+09:00" title="Thursday, 13-Feb-2025 03:41:56 JST">about 3 months ago</time> <span>from <span><a href="https://infosec.exchange/@screaminggoat/113986875105156497" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@screaminggoat/113986875105156497">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
screaminggoat (screaminggoat@infosec.exchange)'s status on Thursday, 13-Feb-2025 03:41:56 JST screaminggoat
in reply to
CISA: CISA Adds Four Known Exploited Vulnerabilities to Catalog
- CVE-2025-21418 (7.8 high) Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
- CVE-2025-21391 (7.1 high) Microsoft Windows Storage Link Following Vulnerability
- CVE-2024-40890 (8.8 high) Zyxel DSL CPE OS Command Injection Vulnerability
- CVE-2024-40891 (8.8 high) Zyxel DSL CPE OS Command Injection Vulnerability
The Zyxel stuff is not new, but since the Microsoft zero-days are part of #PatchTuesday, I'm including them in this conversation.
#cisa #kev #cisakev #KnownExploitedVulnerabilitiesCatalog #vulnerability #zeroday #eitw #activeexploitation #infosec #cybersecurity #cve
In conversationabout 3 months ago from infosec.exchangepermalink

Public

Embed Notice

HTML Code

Corresponding Notice