#vulnerability

Win32.STOP.Ransomware (smokeloader) malware suffers from both local and remote code execution vulnerabilities. The remote code execution can be achieved by leveraging a man-in-the-middle attack.

Since the main reason for the ban was to prevent car thefts that didn't happen, we're happy to see the change of heart.

Task Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

Ubuntu Security Notice 6708-1 - It was discovered that Graphviz incorrectly handled certain config6a files. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice 6709-1 - It was discovered that checking excessively long DH keys or parameters may be very slow. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. After the fix for CVE-2023-3446 Bernd Edlinger discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service.

Ubuntu Security Notice 6700-2 - It was discovered that the Layer 2 Tunneling Protocol implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the ext4 file system implementation in the Linux kernel did not properly handle block device modification while it is mounted. A privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

Ubuntu Security Notice 6704-2 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.

By Waqas Using a Wordpress website? Lookout for Sign1 malware! This is a post from HackRead.com Read the original post: Thousands of WordPress Websites Hacked with New Sign1 Malware

Red Hat Security Advisory 2024-1473-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2024-1472-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a memory leak vulnerability.