Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

WordPress Slider Revolution 4.1.3 Directory Traversal

WordPress Slider Revolution plugin version 4.1.3 suffers from a directory traversal vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#wordpress#php#perl#auth#ruby#firefox
Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar

Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security solutions that don't properly validate the JAR file format," Deep Instinct security researcher

FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations

A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers said in a post-mortem analysis published this week. The

CVE-2023-23559: rndis_wlan: Prevent buffer overflow in rndis_query_oid

In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.

Software Supply Chain Security Needs a Bigger Picture

SBOMs aren't enough. OpenSSF's Alpha-Omega brings in new blood to help secure the open source projects most impactful to the software supply chain.

RHSA-2023:0163: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46364: Apache CXF: SSRF Vulnerability

CVE-2022-3977

A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system.