Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Red Hat Security Advisory 2024-9333-03

Red Hat Security Advisory 2024-9333-03 - An update for openssl and openssl-fips-provider is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.

Packet Storm
#vulnerability#linux#red_hat#js#ssl
Red Hat Security Advisory 2024-9088-03

Red Hat Security Advisory 2024-9088-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

CVE-2024-5535: OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread

**How could an attacker exploit this vulnerability?** Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim's machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N).

Ubuntu Security Notice USN-7100-1

Ubuntu Security Notice 7100-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Microsoft Bookings Flaw Enables Account Hijacking and Impersonation

A vulnerability in Microsoft Bookings can expose your organization to serious security risks. Learn how attackers can exploit…

Ubuntu Security Notice USN-7096-1

Ubuntu Security Notice 7096-1 - Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 8 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.

Red Hat Security Advisory 2024-8974-03

Red Hat Security Advisory 2024-8974-03 - Red Hat Advanced Cluster Management for Kubernetes 2.12.0 GA release images are now available, which contain security and bug fixes.

CISA Urges Patching of Critical Palo Alto Networks’ Expedition Tool Vulnerability

A critical security vulnerability in Palo Alto Networks’ Expedition tool is being actively exploited by hackers. CISA urges…

OpenSSL in Red Hat Enterprise Linux 10: From engines to providers

OpenSSL is a popular cryptographical toolkit with more than 20 years of history. For a long time, the only way to extend it was by using an "engine", which defines how a cryptographic algorithm is computed. This could include hardware devices and even new algorithms not included in the main library, but as OpenSSL evolved it became evident that the engines API was limiting. A new pluggable system, called a "provider", was introduced.What is a providerA provider, in OpenSSL terms, is a unit of code that provides one or more implementations of cryptographic operations, making new algorithms avai

New SteelFox Malware Posing as Popular Software to Steal Browser Data

SteelFox malware targets software pirates through fake activation tools, stealing credit card data and deploying crypto miners. Learn…