#Tag
⚠️ TARmageddon flaw in abandoned Rust library enables RCE attacks
「 Tracked as CVE-2025-62518, this logic flaw results from a desynchronization issue that allows unauthenticated attackers to inject additional archive entries during TAR file extraction 」
⚠️ Over 75,000 WatchGuard security devices vulnerable to critical RCE
「 Firebox devices act as a central defense hub that controls traffic between internal and external networks, providing protection through policy management, security services, VPN, and real-time real-time visibility through WatchGuard Cloud 」
#watchguard #netbox #rce #exploit #cybersecurity #CVE20259242
"SUSE Multi-Linux Manager provides automated patching, content lifecycle management, and realtime monitoring to keep your mixed Linux environment secure"
For our MSFT-aligned friends in particular,
Happy POST /_layouts/15/ToolPane.aspx?DisplayMode=Edit day to all who celebrate!
https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770 #sharepoint #bugs #msft #post #rce
For our MSFT-aligned friends in particular,
Happy POST /_layouts/15/ToolPane.aspx?DisplayMode=Edit day to all who celebrate!
https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770 #sharepoint #bugs #msft #post #rce
I found a vulnerability in git. CVE-2025-48384: Breaking git with a carriage return and cloning RCE - https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384
As the post explains this is one of my favourite classes of vulnerability, using characters that are old and sometimes forgotten.
I found a vulnerability in git. CVE-2025-48384: Breaking git with a carriage return and cloning RCE - https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384
As the post explains this is one of my favourite classes of vulnerability, using characters that are old and sometimes forgotten.
A space for Bonfire maintainers and contributors to communicate
