Authentication Bypass in Atlassian Jira (CVE-2022-0540)

Posted on April 20, 2022 in Services & System Applications

An authentication bypass vulnerability has been found in Atlassian Jira. This issue can be exploited in the default configuration, and has been assigned a bug alert severity of 'very high'.

Confirmed remote code execution (RCE) in Spring Core, an extremely popular Java framework (CVE-2022-22965)

Posted on March 30, 2022 in Software Frameworks, Libraries, and Components

Praetorian has confirmed that a remote code execution vulnerability exists in Spring, an extremely popular Java framework. How broadly this impacts the Spring ecosystem remains unclear. The flaw has been assigned a bug alert severity of 'critical'.

Advanced warning: possible remote code execution (RCE) in Spring, an extremely popular Java framework

Posted on March 29, 2022 in Software Frameworks, Libraries, and Components

An unconfirmed, but possible, remote code execution vulnerability is believed to exist in Spring, an extremely popular Java framework. This issue is likely easily exploited in common configurations. If confirmed, another notice will be sent out with a severity of 'critical'. While unconfirmed, the severity has been assigned 'high'.

Unauthenticated user impersonation (auth bypass) in SAP

Posted on February 08, 2022 in Services & System Applications

A request smuggling issue in SAP NetWeaver, SAP Content Server, and SAP Web Dispatcher allows unauthenticated user impersonation. These systems are commonly Internet-facing. The flaw has been assigned a bug alert severity of 'critical', and the vendor has supplied patches.

Local privilege escalation in pkexec, a core Linux system component

Posted on January 25, 2022 in Operating Systems

A local privilege escalation bug (from any user to root) has been found in polkit's pkexec, and exploit code is available. This binary is a SUID root program available on every major Linux distro, and is most commonly installed if a GUI is present. The flaw has been assigned a bug alert severity of 'very high'.

Post-Launch Updates: Telegram Support, Community Slack, and Celebrating Success

Posted on January 11, 2022 in Bug Alert News

The Bug Alert team is celebrating a successful launch with more features (Telegram support!), a community Slack, and more.

Bug Alert is Live

Posted on January 04, 2022 in Bug Alert News

Hello, world! Bug Alert is now live. Read the announcement post at https://mattslifebytes.com/2022/01/04/bugalert-org/ to learn more.

RCE in Log4j

Posted on December 09, 2021 in Software Frameworks, Libraries, and Components

A remote code execution vulnerability has been found in the popular Java logging library Log4j. This issue is easily exploited in common configurations, and has been assigned a bug alert severity of 'critical'.

Placeholder for the End-User Applications Category

Posted on December 01, 2021 in End-User Applications

Placeholder for the Operating Systems Category

Posted on December 01, 2021 in Operating Systems