Security News > 2021 > August > Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems
2021-08-23 06:27

That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top threats and vulnerabilities affecting the operating system in the first half of 2021, based on data amassed from honeypots, sensors, and anonymized telemetry.

CVE-2020-17496 - vBulletin 'subwidgetConfig' unauthenticated RCE vulnerability.

CVE-2020-11651 - SaltStack Salt authorization weakness vulnerability.

CVE-2017-7657 - Eclipse Jetty chunk length parsing integer overflow vulnerability.

CVE-2013-4547 - Nginx crafted URI string handling access restriction bypass vulnerability.

Even more troublingly, the 15 most commonly used Docker images on the official Docker Hub repository has been revealed to harbor hundreds of vulnerabilities spanning across python, node, wordpress, golang, nginx, postgres, influxdb, httpd, mysql, debian, memcached, redis, mongo, centos, and rabbitmq, underscoring the need to secure containers from a wide range of potential threats at each stage of the development pipeline.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/snwx3DFKE7A/top-15-vulnerabilities-attackers.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-08-12 CVE-2020-17496 Injection vulnerability in Vbulletin
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request.
network
low complexity
vbulletin CWE-74
critical
9.8
2020-04-30 CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
network
low complexity
saltstack opensuse debian canonical vmware
critical
9.8
2018-06-26 CVE-2017-7657 HTTP Request Smuggling vulnerability in multiple products
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly.
network
low complexity
eclipse debian netapp hp oracle CWE-444
critical
9.8
2013-11-23 CVE-2013-4547 Improper Encoding or Escaping of Output vulnerability in multiple products
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232