Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

Debian Security Advisory 5622-1

Debian Linux Security Advisory 5622-1 - It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.

Packet Storm
#sql#linux#debian#js#postgres
Ubuntu Security Notice USN-6635-1

Ubuntu Security Notice 6635-1 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

Red Hat Security Advisory 2024-0827-03

Red Hat Security Advisory 2024-0827-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring the challenge of securing software supply chains. Eclypsiusm, which acquired firmware version 9.1.18.2-24467.1 as part of the process, said the base operating system used by the Utah-based software company for the device is CentOS 6.4. "Pulse Secure runs an

Debian Security Advisory 5621-1

Debian Linux Security Advisory 5621-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation, which may result in denial of service.

Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload

Adapt CMS version 3.0.3 suffers from persistent cross site scripting and remote shell upload vulnerabilities.

Debian Security Advisory 5620-1

Debian Linux Security Advisory 5620-1 - Two vulnerabilities were discovered in unbound, a validating, recursive, caching DNS resolver. Specially crafted DNSSEC answers could lead unbound down a very CPU intensive and time costly DNSSEC (CVE-2023-50387) or NSEC3 hash (CVE-2023-50868) validation path, resulting in denial of service.

Ubuntu Security Notice USN-6608-2

Ubuntu Security Notice 6608-2 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate the server frame size in certain situation, leading to an out-of-bounds read vulnerability. An attacker could use this to construct a malicious CIFS image that, when operated on, could cause a denial of service or possibly expose sensitive information. Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6626-2

Ubuntu Security Notice 6626-2 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

Red Hat Security Advisory 2024-0814-03

Red Hat Security Advisory 2024-0814-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.