
          Advisories

          • Debian Security Advisory 5569-1 Fri, 01 Dec 2023 14:32:22 GMT
            Debian Linux Security Advisory 5569-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
          • Ubuntu Security Notice USN-6502-4 Fri, 01 Dec 2023 14:30:52 GMT
            Ubuntu Security Notice 6502-4 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
          • Ubuntu Security Notice USN-6496-2 Fri, 01 Dec 2023 14:30:35 GMT
            Ubuntu Security Notice 6496-2 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
          • Ubuntu Security Notice USN-6495-2 Fri, 01 Dec 2023 14:30:18 GMT
            Ubuntu Security Notice 6495-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
          • Ubuntu Security Notice USN-6494-2 Fri, 01 Dec 2023 14:30:03 GMT
            Ubuntu Security Notice 6494-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
          • Red Hat Security Advisory 2023-7617-02 Fri, 01 Dec 2023 14:28:59 GMT
            Red Hat Security Advisory 2023-7617-02 - Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available.
          • Red Hat Security Advisory 2023-7616-01 Fri, 01 Dec 2023 14:28:41 GMT
            Red Hat Security Advisory 2023-7616-01 - An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
          • Red Hat Security Advisory 2023-7341-01 Fri, 01 Dec 2023 14:28:33 GMT
            Red Hat Security Advisory 2023-7341-01 - An update is now available for Red Hat Quay 3.
          • Ubuntu Security Notice USN-6527-1 Thu, 30 Nov 2023 12:44:46 GMT
            Ubuntu Security Notice 6527-1 - Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions. It was discovered that OpenJDK did not properly perform PKIX certification path validation in certain situations. An attacker could use this to cause a denial of service.
          • Ubuntu Security Notice USN-6528-1 Thu, 30 Nov 2023 12:44:31 GMT
            Ubuntu Security Notice 6528-1 - It was discovered that the HotSpot VM implementation in OpenJDK did not properly validate bytecode blocks in certain situations. An attacker could possibly use this to cause a denial of service. Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions.
          • Ubuntu Security Notice USN-6526-1 Thu, 30 Nov 2023 12:44:08 GMT
            Ubuntu Security Notice 6526-1 - It was discovered that GStreamer Bad Plugins incorrectly handled certain media files. A remote attacker could use this issue to cause GStreamer Bad Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code.
          • Ubuntu Security Notice USN-6519-2 Thu, 30 Nov 2023 12:43:38 GMT
            Ubuntu Security Notice 6519-2 - USN-6519-1 added IMDSv2 support to EC2 hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS. The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended.
          • Ubuntu Security Notice USN-6525-1 Thu, 30 Nov 2023 12:43:26 GMT
            Ubuntu Security Notice 6525-1 - Nicky Mouha discovered that pysha3 incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause pysha3 to crash, resulting in a denial of service, or possibly execute arbitrary code.
          • Ubuntu Security Notice USN-6524-1 Thu, 30 Nov 2023 12:42:56 GMT
            Ubuntu Security Notice 6524-1 - Nicky Mouha discovered that PyPy incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause PyPy to crash, resulting in a denial of service, or possibly execute arbitrary code.
          • Ubuntu Security Notice USN-6522-1 Thu, 30 Nov 2023 12:42:27 GMT
            Ubuntu Security Notice 6522-1 - It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that FreeRDP incorrectly handled certain surface updates. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.
          • Ubuntu Security Notice USN-6521-1 Thu, 30 Nov 2023 12:42:08 GMT
            Ubuntu Security Notice 6521-1 - It was discovered that GIMP incorrectly handled certain image files. If a user were tricked into opening a specially crafted image, an attacker could use this issue to cause GIMP to crash, resulting in a denial of service, or possibly execute arbitrary code.
          • Ubuntu Security Notice USN-6523-1 Thu, 30 Nov 2023 12:41:29 GMT
            Ubuntu Security Notice 6523-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code.
          • Red Hat Security Advisory 2023-7587-01 Thu, 30 Nov 2023 12:38:58 GMT
            Red Hat Security Advisory 2023-7587-01 - An update is now available for IBM Business Automation Manager Open Editions including images for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.
          • Red Hat Security Advisory 2023-7581-01 Thu, 30 Nov 2023 12:38:37 GMT
            Red Hat Security Advisory 2023-7581-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
          • Red Hat Security Advisory 2023-7580-01 Thu, 30 Nov 2023 12:38:26 GMT
            Red Hat Security Advisory 2023-7580-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
          • Red Hat Security Advisory 2023-7579-01 Thu, 30 Nov 2023 12:38:13 GMT
            Red Hat Security Advisory 2023-7579-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.
          • Red Hat Security Advisory 2023-7578-01 Thu, 30 Nov 2023 12:38:00 GMT
            Red Hat Security Advisory 2023-7578-01 - An update for squid is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a denial of service vulnerability.
          • Red Hat Security Advisory 2023-7577-01 Thu, 30 Nov 2023 12:37:46 GMT
            Red Hat Security Advisory 2023-7577-01 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
          • Red Hat Security Advisory 2023-7576-01 Thu, 30 Nov 2023 12:37:33 GMT
            Red Hat Security Advisory 2023-7576-01 - An update for squid is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a denial of service vulnerability.
          • Red Hat Security Advisory 2023-7574-01 Thu, 30 Nov 2023 12:37:21 GMT
            Red Hat Security Advisory 2023-7574-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.