EXODUS BLOG

Month: January 2023

All-time High Cybersecurity Attrition + Economic Uncertainty = Happy(ish) New Year

JANUARY 19, 2023

All-time High Cybersecurity Attrition + Economic Uncertainty = Happy(ish) New Year As 2023 fires up, so do the attrition numbers across the Cybersecurity vertical. With bonuses being paid and cybersecurity professionals searching for the...

CloudLinux LVE kernel module (kmod-lve) Reference Counter Overflow

JANUARY 13, 2023

EIP-ad32d249 A local privilege escalation vulnerability exists in the CloudLinux Lightweight Virtualized Environment (LVE) kernel module due to an overflow of a reference counter. Successful exploitation allows an authenticated local user to escalate their privileges...

SonicWall SMA 500v and SMA 100 Series Firmware Heap Buffer Overflow

JANUARY 12, 2023

EIP-6a6472ab A remote code execution vulnerability exists in SonicWall SMA 100 Series and SMA 500v Series due to a heap buffer overflow in the ‘extensionsetting’ endpoint. A remote, authenticated attacker can send crafted HTTP...

Schneider Electric SoMachine HVAC ActiveX Control Information Disclosure Vulnerability

JANUARY 12, 2023

EIP-50a1e402 An information disclosure vulnerability exists in Schneider Electric SoMachine HVAC due to a method in the ‘AxEditGrid3.ocx’ ActiveX control leaking a heap address of an ActiveX object. An attacker can entice a user...