Latest News

Gentoo Linux Security Advisory 202409-24

Gentoo Linux Security Advisory 202409-24 - Multiple vulnerabilities have been found in Tor, the worst of which could result in denial of service. Versions greater than or equal to 0.4.8.9 are affected.

Packet Storm

Gentoo Linux Security Advisory 202409-23

Gentoo Linux Security Advisory 202409-23 - A vulnerability has been found in ZNC which could result in remote code execution. Versions greater than or equal to 1.9.1 are affected.

Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass

A mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode and, in consequence, to gain total control over Screen Time (Parental Control) settings. Version 17.2.1 is affected.

Ubuntu Security Notice USN-7029-1

Ubuntu Security Notice 7029-1 - Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.

Netman 204 4.05 SQL Injection / Unauthenticated Password Reset

Netman 204 version 4.05 suffers from remote SQL injection and unauthenticated password reset vulnerabilities.

Gentoo Linux Security Advisory 202409-22

Gentoo Linux Security Advisory 202409-22 - A vulnerability has been discovered in GCC, which can lead to flawed code generation. Versions greater than or equal to 10.0 are affected.

Elaine's Realtime CRM Automation 6.18.17 Cross Site Scripting

Elaine's Realtime CRM Automation version 6.18.17 suffers from a cross site scripting vulnerability.

Ubuntu Security Notice USN-7007-3

Ubuntu Security Notice 7007-3 - Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

PHP ACRSS 1.0 Cross Site Request Forgery

PHP ACRSS version 1.0 suffers from a cross site request forgery vulnerability.

Gentoo Linux Security Advisory 202409-21

Gentoo Linux Security Advisory 202409-21 - Multiple vulnerabilities have been discovered in Hunspell, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.7.1 are affected.