Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

Ubuntu Security Notice USN-5814-1

Ubuntu Security Notice 5814-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Packet Storm
Open in Source
#vulnerability#google#microsoft#ubuntu#linux#dos#oracle#intel#perl#buffer_overflow
OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation

OpenText Extended ECM versions 16.2.2 through 22.3 suffer from arbitrary file deletion, information disclosure, local file inclusion, and privilege escalation vulnerabilities.

Ubuntu Security Notice USN-5813-1

Ubuntu Security Notice 5813-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

What happened in privacy in 2022

In 2022, privacy was upended for millions of people. Here are the biggest stories from last year. (Read more...) The post What happened in privacy in 2022 appeared first on Malwarebytes Labs.

CVE-2023-23691: DSA-2023-018: Dell PowerVault ME5 Security Update for a Client Desync Attack Vulnerability

Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS.

New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability

A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, at least nearly two months before fixes were

Attackers Crafted Custom Malware for Fortinet Zero-Day

The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.

Debian Security Advisory 5322-1

Debian Linux Security Advisory 5322-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

CVE-2021-37774: GitHub - fishykz/TP-POC

An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code.

Malicious PyPI Packages Drop Malware in New Supply Chain Attack

By Deeba Ahmed These packages were uploaded between the 7th and 12th of January 2023 with the names "colorslib," "httpslib," and "libhttps." This is a post from HackRead.com Read the original post: Malicious PyPI Packages Drop Malware in New Supply Chain Attack