News

Looking Glass Cyber
    Malware Patrol SecList
    • An educational robot security research
      Security research into an AI robot for kids revealed several vulnerabilities enabling a cybercriminal to take over device control and to video-chat with the kid.
    securingtomorrow.mcafee.com
      Quick Heal Threat Post Naked Security
        Security Affairs

        Security Awareness Tips of the week

          Exploits

          Last 20 Website Defacements - Zone-h

            Advisories

            Symantec Packet Storm Security

            • Ubuntu Security Notice USN-6673-1 Mon, 04 Mar 2024 16:36:34 GMT
              Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.
            • Gentoo Linux Security Advisory 202403-03 Mon, 04 Mar 2024 16:31:49 GMT
              Gentoo Linux Security Advisory 202403-3 - Multiple vulnerabilities have been discovered in UltraJSON, the worst of which could lead to key confusion and value overwriting. Versions greater than or equal to 5.4.0 are affected.
            • Gentoo Linux Security Advisory 202403-02 Mon, 04 Mar 2024 16:28:59 GMT
              Gentoo Linux Security Advisory 202403-2 - Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 3.1.0 are affected.
            • Gentoo Linux Security Advisory 202403-01 Mon, 04 Mar 2024 16:26:14 GMT
              Gentoo Linux Security Advisory 202403-1 - A vulnerability has been discovered in Tox which may lead to remote code execution. Versions greater than or equal to 0.2.13 are affected.
            • Ubuntu Security Notice USN-6672-1 Mon, 04 Mar 2024 16:06:43 GMT
              Ubuntu Security Notice 6672-1 - Morgan Jones discovered that Node.js incorrectly handled certain inputs, leading to false positive errors during some cryptographic operations. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled certain inputs, leading to an untrusted search path vulnerability. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.
            • Ubuntu Security Notice USN-6669-1 Mon, 04 Mar 2024 15:57:59 GMT
              Ubuntu Security Notice 6669-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code.
            • Red Hat Security Advisory 2024-1063-03 Mon, 04 Mar 2024 15:00:24 GMT
              Red Hat Security Advisory 2024-1063-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.
            • Ubuntu Security Notice USN-6671-1 Fri, 01 Mar 2024 16:26:39 GMT
              Ubuntu Security Notice 6671-1 - It was discovered that php-nyholm-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use this issue to perform an HTTP header injection attack.
            • Ubuntu Security Notice USN-6670-1 Fri, 01 Mar 2024 16:24:21 GMT
              Ubuntu Security Notice 6670-1 - It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack.
            • Ubuntu Security Notice USN-6653-3 Fri, 01 Mar 2024 16:22:13 GMT
              Ubuntu Security Notice 6653-3 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
            • Ubuntu Security Notice USN-6651-3 Fri, 01 Mar 2024 16:21:50 GMT
              Ubuntu Security Notice 6651-3 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
            • Ubuntu Security Notice USN-6647-2 Fri, 01 Mar 2024 16:21:35 GMT
              Ubuntu Security Notice 6647-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
            • Red Hat Security Advisory 2024-1062-03 Fri, 01 Mar 2024 16:09:14 GMT
              Red Hat Security Advisory 2024-1062-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
            • Red Hat Security Advisory 2024-1061-03 Fri, 01 Mar 2024 16:09:05 GMT
              Red Hat Security Advisory 2024-1061-03 - An update is now available for Red Hat Satellite 6.13 for RHEL 8. Issues addressed include memory leak and server-side request forgery vulnerabilities.
            • Red Hat Security Advisory 2024-1060-03 Fri, 01 Mar 2024 16:08:57 GMT
              Red Hat Security Advisory 2024-1060-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.
            • Red Hat Security Advisory 2024-1059-03 Fri, 01 Mar 2024 16:08:49 GMT
              Red Hat Security Advisory 2024-1059-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.
            • Red Hat Security Advisory 2024-1058-03 Fri, 01 Mar 2024 16:08:40 GMT
              Red Hat Security Advisory 2024-1058-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a code execution vulnerability.
            • Red Hat Security Advisory 2024-1057-03 Fri, 01 Mar 2024 16:08:28 GMT
              Red Hat Security Advisory 2024-1057-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include crlf injection and denial of service vulnerabilities.
            • Red Hat Security Advisory 2024-1055-03 Fri, 01 Mar 2024 16:08:17 GMT
              Red Hat Security Advisory 2024-1055-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a privilege escalation vulnerability.
            • Red Hat Security Advisory 2024-1041-03 Fri, 01 Mar 2024 16:08:07 GMT
              Red Hat Security Advisory 2024-1041-03 - An update for go-toolset-1.19-golang is now available for Red Hat Developer Tools. Issues addressed include a denial of service vulnerability.
            • Debian Security Advisory 5634-1 Thu, 29 Feb 2024 15:02:09 GMT
              Debian Linux Security Advisory 5634-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
            • Ubuntu Security Notice USN-6653-2 Thu, 29 Feb 2024 14:59:52 GMT
              Ubuntu Security Notice 6653-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
            • Ubuntu Security Notice USN-6651-2 Thu, 29 Feb 2024 14:56:03 GMT
              Ubuntu Security Notice 6651-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
            • Red Hat Security Advisory 2024-1027-03 Thu, 29 Feb 2024 14:52:26 GMT
              Red Hat Security Advisory 2024-1027-03 - An update is now available for MTA-6.2-RHEL-8 and MTA-6.2-RHEL-9. Issues addressed include XML injection and denial of service vulnerabilities.
            • Ubuntu Security Notice USN-6648-2 Thu, 29 Feb 2024 14:52:01 GMT
              Ubuntu Security Notice 6648-2 - It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service.