News

Looking Glass Cyber
    Malware Patrol SecList
    • Cinterion EHS5 3G UMTS/HSPA Module Research
      We performed the security analysis of a Telit Cinterion modem in the course of a bigger project of security assessment of a popular model of a truck and found eight vulnerabilities.

            Advisories

            Symantec Packet Storm Security

            • Debian Security Advisory 5709-1 Thu, 13 Jun 2024 12:46:41 GMT
              Debian Linux Security Advisory 5709-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, the bypass of sandbox restrictions or an information leak.
            • Ubuntu Security Notice USN-6829-1 Thu, 13 Jun 2024 12:43:07 GMT
              Ubuntu Security Notice 6829-1 - It was discovered that matio incorrectly handled certain malformed files. An attacker could possibly use this issue to cause a denial of service.
            • Ubuntu Security Notice USN-6819-3 Thu, 13 Jun 2024 12:42:45 GMT
              Ubuntu Security Notice 6819-3 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.
            • Ubuntu Security Notice USN-6831-1 Thu, 13 Jun 2024 12:41:56 GMT
              Ubuntu Security Notice 6831-1 - It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
            • Red Hat Security Advisory 2024-3877-03 Thu, 13 Jun 2024 12:31:26 GMT
              Red Hat Security Advisory 2024-3877-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
            • Red Hat Security Advisory 2024-3875-03 Thu, 13 Jun 2024 12:31:15 GMT
              Red Hat Security Advisory 2024-3875-03 - An update for nghttp2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
            • Red Hat Security Advisory 2024-3700-03 Thu, 13 Jun 2024 12:31:03 GMT
              Red Hat Security Advisory 2024-3700-03 - Red Hat OpenShift Container Platform release 4.14.29 is now available with updates to packages and images that fix several bugs and add enhancements.
            • Debian Security Advisory 5708-1 Wed, 12 Jun 2024 14:00:45 GMT
              Debian Linux Security Advisory 5708-1 - Damian Poddebniak discovered that the Cyrus IMAP server didn't restrict memory allocation for some command arguments which may result in denial of service. This update backports new config directives which allow to configure limits, additional details can be found at.
            • Debian Security Advisory 5707-1 Wed, 12 Jun 2024 13:58:53 GMT
              Debian Linux Security Advisory 5707-1 - A buffer overflow was discovered in the MMS module of the VLC media player.
            • Ubuntu Security Notice USN-6830-1 Wed, 12 Jun 2024 13:57:10 GMT
              Ubuntu Security Notice 6830-1 - It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could use this issue to cause NetworkManager to crash, resulting in a denial of service, or possibly execute arbitrary code.
            • Ubuntu Security Notice USN-6819-2 Wed, 12 Jun 2024 13:56:50 GMT
              Ubuntu Security Notice 6819-2 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.
            • Ubuntu Security Notice USN-6821-3 Wed, 12 Jun 2024 13:56:35 GMT
              Ubuntu Security Notice 6821-3 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
            • Ubuntu Security Notice USN-6820-2 Wed, 12 Jun 2024 13:56:17 GMT
              Ubuntu Security Notice 6820-2 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
            • Ubuntu Security Notice USN-6828-1 Wed, 12 Jun 2024 13:56:01 GMT
              Ubuntu Security Notice 6828-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
            • Ubuntu Security Notice USN-6826-1 Wed, 12 Jun 2024 13:55:47 GMT
              Ubuntu Security Notice 6826-1 - Karl von Randow discovered that mod_jk was vulnerable to an authentication bypass. If the configuration did not provide explicit mounts for all possible proxied requests, an attacker could possibly use this vulnerability to bypass security constraints configured in httpd.
            • Ubuntu Security Notice USN-6823-1 Wed, 12 Jun 2024 13:55:32 GMT
              Ubuntu Security Notice 6823-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.37 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10, and Ubuntu 24.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
            • Apple Security Advisory 06-10-2024-1 Wed, 12 Jun 2024 13:55:07 GMT
              Apple Security Advisory 06-10-2024-1 - visionOS 1.2 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds read, and out of bounds write vulnerabilities.
            • Red Hat Security Advisory 2024-3859-03 Wed, 12 Jun 2024 13:51:32 GMT
              Red Hat Security Advisory 2024-3859-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.
            • Red Hat Security Advisory 2024-3855-03 Wed, 12 Jun 2024 13:51:22 GMT
              Red Hat Security Advisory 2024-3855-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include double free and use-after-free vulnerabilities.
            • Red Hat Security Advisory 2024-3854-03 Wed, 12 Jun 2024 13:51:13 GMT
              Red Hat Security Advisory 2024-3854-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include double free and use-after-free vulnerabilities.
            • Red Hat Security Advisory 2024-3846-03 Wed, 12 Jun 2024 13:51:04 GMT
              Red Hat Security Advisory 2024-3846-03 - An update for python-idna is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
            • Red Hat Security Advisory 2024-3843-03 Wed, 12 Jun 2024 13:50:54 GMT
              Red Hat Security Advisory 2024-3843-03 - An update for cockpit is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.
            • Red Hat Security Advisory 2024-3842-03 Wed, 12 Jun 2024 13:50:00 GMT
              Red Hat Security Advisory 2024-3842-03 - An update for c-ares is now available for Red Hat Enterprise Linux 9. Issues addressed include an out of bounds read vulnerability.
            • Red Hat Security Advisory 2024-3838-03 Wed, 12 Jun 2024 13:49:50 GMT
              Red Hat Security Advisory 2024-3838-03 - An update for ruby is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP response splitting and denial of service vulnerabilities.
            • Red Hat Security Advisory 2024-3837-03 Wed, 12 Jun 2024 13:49:42 GMT
              Red Hat Security Advisory 2024-3837-03 - An update for 389-ds-base is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.