Posted on November 09, 2022 in Test
This is a test notice, which you have opted in to. Bug Alert has completed integrating Twilio support for international calls and SMS. Save our phone number to your contacts!
Posted on July 20, 2022 in Services & System Applications
Multiple Vulnerabilities have been disclosed in Atlassian Products. A hardcoded credential vulnerability in Questions for Confluence, and Servlet Filter Bypass Vulnerabilities have been found in multiple Atlassian products that may enable Authentication Bypasses, XSS Attacks, and CORS attacks. These vulnerabilities have been assigned a bug alert severity of 'very high'. Atlassian recommends patching affected installations immediately.
Posted on June 02, 2022 in Services & System Applications
An unauthenticated remote code execution flaw has been found, and is being actively exploited, in Atlassian Confluence, and has been assigned a bug alert severity of 'very high'. Atlassian recommends removing installations from the Internet immediately.
Posted on May 30, 2022 in End-User Applications
A remote code execution vulnerability, dubbed 'Follina', has been found in Microsoft Office via Microsoft Support Diagnostic Tool (MSDT). This issue can be exploited in the default configuration on Windows, and only requires the user be tricked into downloading a malicious file. There is no patch. This issue has been assigned a bug alert severity of 'high'.
Posted on April 20, 2022 in Services & System Applications
An authentication bypass vulnerability has been found in Atlassian Jira. This issue can be exploited in the default configuration, and has been assigned a bug alert severity of 'very high'.
Posted on March 30, 2022 in Software Frameworks, Libraries, and Components
Praetorian has confirmed that a remote code execution vulnerability exists in Spring, an extremely popular Java framework. How broadly this impacts the Spring ecosystem remains unclear. The flaw has been assigned a bug alert severity of 'critical'.
Posted on March 29, 2022 in Software Frameworks, Libraries, and Components
An unconfirmed, but possible, remote code execution vulnerability is believed to exist in Spring, an extremely popular Java framework. This issue is likely easily exploited in common configurations. If confirmed, another notice will be sent out with a severity of 'critical'. While unconfirmed, the severity has been assigned 'high'.
Posted on February 08, 2022 in Services & System Applications
A request smuggling issue in SAP NetWeaver, SAP Content Server, and SAP Web Dispatcher allows unauthenticated user impersonation. These systems are commonly Internet-facing. The flaw has been assigned a bug alert severity of 'critical', and the vendor has supplied patches.
Posted on January 25, 2022 in Operating Systems
A local privilege escalation bug (from any user to root) has been found polkit's pkexec, and exploit code is available. This binary is a SUID root program available on every major Linux distro, and is most commonly installed if a GUI is present. The flaw has been assigned a bug alert severity of 'very high'.
Posted on January 11, 2022 in Bug Alert News
The Bug Alert team is celebrating a successful launch with more features (Telegram support!), a community Slack, and more.