Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security vulnerabilities. Chrome version 131 is now available in stable channels for Windows, Mac, Linux, and Android...
Several important security issues were identified in the runC Open Container Project. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories (CVE-2023-27561), and incorrectly handled /proc and /sys mounts inside a container (CVE-2023-28642).
The Cybersecurity & Infrastructure Security Agency (CISA) added seven new Linux vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on Friday based on evidence of active exploitation, some of which have been known for a decade:
Two important ReDoS issues have been found in the Ruby programming language; one in the URI component (CVE-2023-28755) and one in the Time component (CVE-2023-28756). It was discovered that the URI parser and the Time parser mishandle invalid URLs that have specific characters, causing an increase in execution time for parsing strings to URI and Time objects.
It was discovered that Open vSwitch could be made to stop forwarding packets if it received specially crafted network traffic (CVE-2023-1668). Due to its high availability impact and the low attack complexity required to exploit the bug, this vulnerability has received a National Vulnerability Database (NVD) base score of 8.2 out of 10 (“High” severity).
Several important security issues were discovered in the Linux kernel (CVE-2023-0386, CVE-2023-1829, CVE-2022-2590 and CVE-2022-4095). These bugs have been classified as “high-severity” by the National Vulnerability Database (NVD) due to their high confidentiality, integrity and availability impact.
Several high-severity vulnerabilities have been found in the WebKitGTK web engine, including a use-after-free issue that may have been actively exploited (CVE-2023-28205).
Git 2.40.1 has been released to address three newly disclosed security vulnerabilities, which have been classified as “high-severity” by the National Vulnerability Database (NVD) due to their high confidentiality, integrity and availability impact, and the low attack complexity and lack of privileges required to exploit them. Due to these security fixes, updates for prior stable Git series are also available with v2.39.3, v2.38.5, v2.37.7, v2.36.6, v2.35.8, v2.34.8, v2.33.8, v2.32.7, v2.31.8, and v2.30.9.
Several remotely exploitable request smuggling, memory exhaustion, and HTTP response splitting vulnerabilities have been discovered in the Netty Java NIO client/server socket framework.
A use-after-free vulnerability (CVE-2023-1829) has been discovered in the Linux kernel traffic control index filter (tcindex). It was discovered that the tcindex_delete function does not properly deactivate filters in the case of perfect hashes while deleting the underlying structure, which can later lead to double freeing the structure.
NVIDIA issued a new Security Bulletin to advise you to update your GPU drivers due to multiple security issues discovered. This bulletin went out today with the email arriving in my inbox moments ago, so here are the details of the issues that affect Linux.
For over a decade now, the X.Org Server has seen routine security disclosures in its massive codebase, with some security researchers saying it's even worse than it looks and frequently finding multiple vulnerabilities at a time in the large and aging codebase, which these days rarely sees new feature work. Now another disclosure has been made by security researchers.
Google Project Zero is a security team responsible for discovering security flaws in Google's own products as well as software developed by other vendors. Following discovery, the issues are privately reported to vendors and they are given 90 days to fix the reported problems before they are disclosed publicly. In some cases, a 14-day grace period is also given, depending on the complexity of the solution involved.
Linux has never suffered from the infamous BSoD, short for blue screen of death, the name given to the dreaded “something went terribly wrong” message associated with a Windows system crash.
Since last year, the Linux kernel has mistakenly left systems relying on the original Indirect Branch Restricted Speculation (IBRS) for Spectre V2 mitigation without Single Threaded Indirect Branch Predictor (STIBP) coverage for cross-HyperThread handling of this Spectre vulnerability. A patch is underway that resolves this issue for Intel Skylake-era systems.
I discovered a logic bug in the readline dependency that partially reveals file information when parsing the file specified in the INPUTRC environment variable. This could allow attackers to move laterally on a box where sshd is running, a given user is able to log in, and the user’s private key is stored in a known location (/home/user/.ssh/id_rsa).