Security Vulnerabilities - Page 11

Discover Security Vulnerabilities News

QNAP warns severe OpenSSL bug affects most of its NAS devices

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Network-attached storage (NAS) maker QNAP has warned that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago.

Brittany Day
Apr 01, 2022

Linux 5.17 delayed after vulnerability discovered in AMD processors

The resurgence of Spectre-like malware has pushed the release date for the next iteration of Linux for at least a week, its creator has confirmed.

Brittany Day
Mar 16, 2022

This major Linux security vulnerability has been fixed, so patch now

If you're running a Linux distro on your computer or use an Android smartphone, you should install the latest updates immediately as a severe security vulnerability has been found and patched in the Linux kernel.

Brittany Day
Mar 10, 2022

Linux has been bitten by its most high-severity vulnerability in years

Linux has yet another high-severity vulnerability that makes it easy for untrusted users to execute code capable of carrying out a host of malicious actions including installing backdoors, creating unauthorized user accounts, and modifying scripts or binaries used by privileged services or apps.

Brittany Day
Mar 08, 2022

New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container

Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host.

Brittany Day
Mar 08, 2022

NSA-linked Bvp47 Linux backdoor widely undetected for 10 years

A new report dives deep into technical aspects of a Linux backdoor now tracked as Bvp47 that is linked to the Equation Group, the advanced persistent threat actor tied to the U.S. National Security Agency.

Brittany Day
Feb 25, 2022

Nasty Linux Kernel Stack Overflow Flaw Found and Patched

Here we go again. Another obnoxious security bug, CVE-2022-0435: A Remote Stack Overflow in The Linux Kernel was found by Appgate senior exploit developer Samuel Page while he was poking around at a Linux heap overflow security bug, CVE-2021-43267 from November 2021. Page’s discovery is a remotely and locally reachable stack overflow in the Linux kernel’s Transparent Inter-Process Communication (TIPC) protocol networking module.

Brittany Day
Feb 23, 2022

New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager

Multiple security vulnerabilities have been disclosed in Canonical's Snap software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges.

Brittany Day
Feb 21, 2022

Linux devs fix nasty vulnerability dating back half a decade

An exploitable bug sitting in a popular Linux kernel module has been found after five years. A patch is finally available, experts say.

Brittany Day
Feb 18, 2022

Security: Google to pay up to $91,337 for exploits of new Linux and Kubernetes bugs

Google raises rewards for its kCTF exploit-focussed vulnerability bounty focussing on Linux kernel zero-day flaws. And changes some rules.

Brittany Day
Feb 17, 2022

42 Gears SureMDM Vulnerabilities May Enable Supply Chain Attacks

A number of security vulnerabilities have been disclosed in 42 Gears' SureMDM device management solution that could be weaponized by attackers to perform a supply chain compromise against affected organizations.

Brittany Day
Feb 02, 2022

CentOS 8: Urgent Encryption Issue Post EOL Risk

There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn't take long.

Brittany Day
Jan 31, 2022

Control Web Panel: Critical RCE Risks from File Inclusion Issues

Researchers have disclosed details of two critical security vulnerabilities (CVE-2021-45467) in Control Web Panel, an open-source Linux control panel software used for deploying web hosting environments, that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution (RCE) on affected servers.

Brittany Day
Jan 25, 2022

Linux Kernel: Heap Overflow Bug Fixed Across Major Distros

A heap overflow bug was recently discovered in the Linux kernel. The patch is available now in most major Linux distributions.

Brittany Day
Jan 21, 2022

Microsoft fixes NotLegit: exposed the source code of apps written in PHP and Python in Azure App Service for Linux

The Wiz research team has discovered a security issue in Azure App Service on Linux. This exposed the source code of client applications written in PHP, Python, Ruby or Node, which were deployed using “Local Git”.

Brittany Day
Dec 27, 2021

Log4j vulnerability now used to install Dridex banking malware

Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter.

Brittany Day
Dec 24, 2021

Security firm Blumira discovers major new Log4j attack vector

A basic Javascript WebSocket connection can trigger a local Log4j remote code attack via a drive-by compromise. Wonderful. Truly wonderful.

Brittany Day
Dec 18, 2021

CISA Warns! Log4j Vulnerability Poses Critical Threat to Systems

Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned the recently-revealed Log4j vulnerability was “one of the most serious” she’s seen in her entire career, “if not the most serious”.

Brittany Day
Dec 15, 2021

Ubuntu 21.04: CVE-2021-3939 critical: AccountsService local access

A local privilege escalation security vulnerability (CVE-2021-3939) could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component.

Brittany Day
Dec 14, 2021

Linux Kernel Side-Channel: DNS Cache Poisoning Threat Analysis

A recent research paper by a team at University of California, Riverside, shows the existence of previously overlooked side channels in the Linux kernels that can be exploited to attack DNS servers. According to the researchers, the issue with DNS roots in its design, that never really took security as a key concern and that made it extremely hard to retrofit strong security features into it.

Brittany Day
Nov 30, 2021

Security Vulnerabilities - Page 11

Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns

Easily Exploitable 10-Year-Old needrestart Utility Flaws Allow Root Access

7-Zip Users Beware: Urgent Update Needed to Fix Code Execution Security Flaw