Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Ubuntu Security Notice USN-5594-1

Ubuntu Security Notice 5594-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Packet Storm
Open in Source
#vulnerability#web#google#microsoft#amazon#ubuntu#linux#dos#intel#perl#samba#aws#ibm
Ubuntu Security Notice USN-5592-1

Ubuntu Security Notice 5592-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Warning: PyPI Feature Executes Code Automatically After Python Package Download

In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package," Checkmarx researcher Yehuda Gelb said in a

CVE-2022-39188: mmu_gather: Force tlb-flush VM_PFNMAP vmas · torvalds/linux@b67fbeb

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.

Threat Actor Phishing PyPI Users Identified

"JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the widely used Python code repository.

Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams

The expanding Internet of Things ecosystem is seeing a startling rate of vulnerability disclosures, leaving companies with a greater need for visibility into and patching of IoT devices.

Stellar Repair for Access – Software Review

By Owais Sultan If your MS Access database is corrupted or is in an inconsistent state, you can use the Compact… This is a post from HackRead.com Read the original post: Stellar Repair for Access – Software Review

CVE-2022-36569: IoTvuln/tenda_ac9_setMacFilterCfg.md at main · CyberUnicornIoT/IoTvuln

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.

European Spyware Vendor Intellexa Offering Android, iOS Device Exploits

By Deeba Ahmed The proposal documents were leaked on a Russian hacking forum showing Intellexa is offering remote data extraction from Android and iOS devices in exchange for $8 million. This is a post from HackRead.com Read the original post: European Spyware Vendor Intellexa Offering Android, iOS Device Exploits

Ubuntu Security Notice USN-5589-1

Ubuntu Security Notice 5589-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.