News

Looking Glass Cyber
    Malware Patrol SecList
    • An educational robot security research
      Security research into an AI robot for kids revealed several vulnerabilities enabling a cybercriminal to take over device control and to video-chat with the kid.
    securingtomorrow.mcafee.com
      Quick Heal Threat Post Naked Security
        Security Affairs

        Security Awareness Tips of the week

          Exploits

          Last 20 Website Defacements - Zone-h

            Advisories

            Symantec Packet Storm Security

            • Ubuntu Security Notice USN-6668-1 Wed, 28 Feb 2024 16:02:04 GMT
              Ubuntu Security Notice 6668-1 - It was discovered that when python-openstackclient attempted to delete a non-existing access rule, it would delete another existing access rule instead, contrary to expectations.
            • Ubuntu Security Notice USN-6667-1 Wed, 28 Feb 2024 16:01:53 GMT
              Ubuntu Security Notice 6667-1 - It was discovered that Cpanel-JSON-XS incorrectly decoded certain data. A remote attacker could use this issue to cause Cpanel-JSON-XS to crash, resulting in a denial of service, or possibly obtain sensitive information.
            • Ubuntu Security Notice USN-6666-1 Wed, 28 Feb 2024 16:01:34 GMT
              Ubuntu Security Notice 6666-1 - It was discovered that libuv incorrectly truncated certain hostnames. A remote attacker could possibly use this issue with specially crafted hostnames to bypass certain checks.
            • Ubuntu Security Notice USN-6665-1 Wed, 28 Feb 2024 15:57:47 GMT
              Ubuntu Security Notice 6665-1 - Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Unbound incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service. It was discovered that Unbound incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service.
            • Debian Security Advisory 5633-1 Wed, 28 Feb 2024 15:57:32 GMT
              Debian Linux Security Advisory 5633-1 - It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against Knot Resolver, a caching, DNSSEC-validating DNS resolver.
            • Ubuntu Security Notice USN-6644-2 Wed, 28 Feb 2024 15:57:17 GMT
              Ubuntu Security Notice 6644-2 - USN-6644-1 fixed vulnerabilities in LibTIFF. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service. It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to consume resources, resulting in a denial of service.
            • Ubuntu Security Notice USN-6664-1 Wed, 28 Feb 2024 15:57:04 GMT
              Ubuntu Security Notice 6664-1 - It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a crash or execute arbitrary commands.
            • Red Hat Security Advisory 2024-1019-03 Wed, 28 Feb 2024 15:54:47 GMT
              Red Hat Security Advisory 2024-1019-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer, privilege escalation, and use-after-free vulnerabilities.
            • Red Hat Security Advisory 2024-1018-03 Wed, 28 Feb 2024 15:54:40 GMT
              Red Hat Security Advisory 2024-1018-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer, privilege escalation, and use-after-free vulnerabilities.
            • Red Hat Security Advisory 2024-1017-03 Wed, 28 Feb 2024 15:54:23 GMT
              Red Hat Security Advisory 2024-1017-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
            • Red Hat Security Advisory 2024-1013-03 Wed, 28 Feb 2024 15:54:14 GMT
              Red Hat Security Advisory 2024-1013-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.
            • Red Hat Security Advisory 2024-1007-03 Wed, 28 Feb 2024 15:54:05 GMT
              Red Hat Security Advisory 2024-1007-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.
            • Red Hat Security Advisory 2024-1004-03 Wed, 28 Feb 2024 15:53:56 GMT
              Red Hat Security Advisory 2024-1004-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.
            • Red Hat Security Advisory 2024-0999-03 Wed, 28 Feb 2024 15:53:33 GMT
              Red Hat Security Advisory 2024-0999-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a use-after-free vulnerability.
            • Red Hat Security Advisory 2024-0954-03 Wed, 28 Feb 2024 15:53:19 GMT
              Red Hat Security Advisory 2024-0954-03 - The components for Red Hat OpenShift for Windows Containers 10.15.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Issues addressed include a privilege escalation vulnerability.
            • Red Hat Security Advisory 2024-0948-03 Wed, 28 Feb 2024 15:51:14 GMT
              Red Hat Security Advisory 2024-0948-03 - Red Hat OpenShift Container Platform release 4.13.35 is now available with updates to packages and images that fix several bugs and add enhancements.
            • Red Hat Security Advisory 2024-0946-03 Wed, 28 Feb 2024 15:51:01 GMT
              Red Hat Security Advisory 2024-0946-03 - Red Hat OpenShift Container Platform release 4.13.35 is now available with updates to packages and images that fix several bugs and add enhancements.
            • Red Hat Security Advisory 2024-0944-03 Wed, 28 Feb 2024 15:47:22 GMT
              Red Hat Security Advisory 2024-0944-03 - Red Hat OpenShift Container Platform release 4.14.14 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a cross site scripting vulnerability.
            • Red Hat Security Advisory 2024-0941-03 Wed, 28 Feb 2024 15:47:14 GMT
              Red Hat Security Advisory 2024-0941-03 - Red Hat OpenShift Container Platform release 4.14.14 is now available with updates to packages and images that fix several bugs and add enhancements.
            • Red Hat Security Advisory 2024-0766-03 Wed, 28 Feb 2024 15:45:54 GMT
              Red Hat Security Advisory 2024-0766-03 - Red Hat OpenShift Container Platform release 4.15.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
            • Red Hat Security Advisory 2024-0269-03 Wed, 28 Feb 2024 15:45:15 GMT
              Red Hat Security Advisory 2024-0269-03 - An update for run-once-duration-override-container, run-once-duration-override-operator-bundle-container, and run-once-duration-override-operator-container is now available for RODOO-1.1-RHEL-9. Issues addressed include a denial of service vulnerability.
            • Gentoo Linux Security Advisory 202402-33 Tue, 27 Feb 2024 15:16:09 GMT
              Gentoo Linux Security Advisory 202402-33 - A vulnerability has been found in PyYAML which can lead to arbitrary code execution. Versions greater than or equal to 5.4 are affected.
            • Ubuntu Security Notice USN-6663-1 Tue, 27 Feb 2024 15:15:57 GMT
              Ubuntu Security Notice 6663-1 - As a security improvement, this update prevents OpenSSL from returning an error when detecting wrong padding in PKCS#1 v1.5 RSA, to prevent its use in possible Bleichenbacher timing attacks.
            • Ubuntu Security Notice USN-6305-2 Tue, 27 Feb 2024 15:15:44 GMT
              Ubuntu Security Notice 6305-2 - USN-6305-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
            • Ubuntu Security Notice USN-6662-1 Tue, 27 Feb 2024 15:15:32 GMT
              Ubuntu Security Notice 6662-1 - Yi Yang discovered that the Hotspot component of OpenJDK 21 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 21 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.