Aggregator

A vulnerability described as critical has been identified in Linux Kernel up to 6.6.22/6.7.10/6.8.1. This affects an unknown function of the component iwlwifi. The manipulation results in denial of service. This vulnerability is reported as CVE-2024-27434. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.6.71/6.12.9. Impacted is an unknown function of the component hwmon. Such manipulation leads to uninitialized pointer. This vulnerability is uniquely identified as CVE-2025-21656. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.12.4. Impacted is the function iommufd_fault_alloc in the library lib/refcount.c. The manipulation leads to improper update of reference count. This vulnerability is listed as CVE-2024-56624. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.71/6.5.12/6.6.2. It has been classified as critical. Affected by this issue is the function bio_integrity_prep of the component blk-mq. This manipulation causes denial of service. This vulnerability is registered as CVE-2023-52787. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.1.124/6.6.71/6.12.9. It has been rated as problematic. Affected by this vulnerability is the function cmd_alloc_index. Performing manipulation results in allocation of resources. This vulnerability is reported as CVE-2025-21662. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.11.6. The impacted element is the function dup_userfaultfd_complete of the component fork. Such manipulation leads to improper update of reference count. This vulnerability is traded as CVE-2024-50220. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.6.23/6.7.11/6.8.2. This issue affects the function sb_index of the component md-bitmap. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2024-35787. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.7.11/6.8.2 and classified as critical. This affects an unknown function of the component dm-raid. Performing manipulation results in deadlock. This vulnerability is known as CVE-2024-35794. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.1.83/6.6.23/6.7.11. Affected is the function lis3lv02d_i2c_suspend of the file drivers/regulator/core.c. Executing manipulation can lead to information disclosure. The identification of this vulnerability is CVE-2024-35824. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

Craig Adams, chief product officer at Rapid7, discusses the growing complexity of security operations and how organizations can better align tools, teams and processes. Adams, a longtime technology leader, notes that one of the biggest pain points he hears from customers is tool sprawl. Security teams are drowning in dashboards, alerts, and integrations—each product designed..

The post Bridging the Gap Between Security Teams and Tools appeared first on Security Boulevard.

The call came from a Fortune 20 customer yesterday morning. “Hey, Vinay, we’re getting flooded with noise about these two new Cisco ASA/FTD vulnerabilities that CISA posted the emergency advisory on. We are seeing a ton of inconsistent information, would like something to put it together for an exec view. Some enterprises are shutting down …

Read More

The post This Time, I Had Something Special to Offer appeared first on Security Boulevard.

Microsoft is investigating a known issue that triggers Outlook errors when opening encrypted emails sent from other organizations. [...]

A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. "The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments," Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with The

广泛使用的 YouTube 视频下载工具 yt-dlp 项目宣布，为了工具正常工作未来将需要安装 Deno 或其它支持的 JavaScript 运行时，原因是 YouTube 设置了越来越多的障碍，项目目前使用的 JavaScript 解释器越来越力不从心，必须使用真正的 JavaScript 运行时。推荐使用 Deno 是因为它是完全独立的单一可执行文件，默认沙盒化，不允许文件系统或网络访问。开发者同时指出，YouTube 未来将对所有客户端强制执行 proof-of-origin (PO) token，超出了 yt-dlp 现有的 JavaScript 功能能力范围。

Один марсоход стоит миллионы, они пройдут 2800 км красной пустыни за копейки.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.25/6.8.4. This affects the function bpf_link_free. Performing manipulation of the argument cookie results in null pointer dereference. This vulnerability is cataloged as CVE-2024-35860. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2. This affects an unknown part of the component efistub. This manipulation causes allocation of resources. This vulnerability is tracked as CVE-2024-35803. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2. This affects the function __bio_release_pages of the component Page Refcount Handler. The manipulation leads to memory leak. This vulnerability is referenced as CVE-2024-35826. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.6.13/6.7.1. This impacts the function __sk_msg_free of the component net. This manipulation causes excessive iteration. This vulnerability is handled as CVE-2024-35841. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.15.152/6.1.82/6.6.22/6.7.10/6.8.1. This affects the function reserve_cblocks of the component f2fs. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-35844. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.