Aggregator

CVE-2024-35824 | Linux Kernel up to 6.1.83/6.6.23/6.7.11 drivers/regulator/core.c lis3lv02d_i2c_suspend information disclosure (Nessus ID 210815 / WID-SEC-2024-1188)

Vuldb Updates
8 months 3 weeks ago
A vulnerability described as problematic has been identified in Linux Kernel up to 6.1.83/6.6.23/6.7.11. Affected is the function lis3lv02d_i2c_suspend of the file drivers/regulator/core.c. Executing manipulation can lead to information disclosure. The identification of this vulnerability is CVE-2024-35824. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

Bridging the Gap Between Security Teams and Tools

Security Boulevard
8 months 3 weeks ago

Craig Adams, chief product officer at Rapid7, discusses the growing complexity of security operations and how organizations can better align tools, teams and processes. Adams, a longtime technology leader, notes that one of the biggest pain points he hears from customers is tool sprawl. Security teams are drowning in dashboards, alerts, and integrations—each product designed..

The post Bridging the Gap Between Security Teams and Tools appeared first on Security Boulevard.

Alan Shimel

This Time, I Had Something Special to Offer

Security Boulevard
8 months 3 weeks ago

The call came from a Fortune 20 customer yesterday morning. “Hey, Vinay, we’re getting flooded with noise about these two new Cisco ASA/FTD vulnerabilities that CISA posted the emergency advisory on. We are seeing a ton of inconsistent information, would like something to put it together for an exec view. Some enterprises are shutting down …

Read More

The post This Time, I Had Something Special to Offer appeared first on Security Boulevard.

Vinay Sridhara

Researchers Expose Phishing Threats Distributing CountLoader and PureRAT

The Hackers News
8 months 3 weeks ago
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. "The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments," Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with The
The Hacker News

yt-dlp 将需要安装 JS 运行时 Deno

Solidot
8 months 3 weeks ago
广泛使用的 YouTube 视频下载工具 yt-dlp 项目宣布,为了工具正常工作未来将需要安装 Deno 或其它支持的 JavaScript 运行时,原因是 YouTube 设置了越来越多的障碍,项目目前使用的 JavaScript 解释器越来越力不从心,必须使用真正的 JavaScript 运行时。推荐使用 Deno 是因为它是完全独立的单一可执行文件,默认沙盒化,不允许文件系统或网络访问。开发者同时指出,YouTube 未来将对所有客户端强制执行 proof-of-origin (PO) token,超出了 yt-dlp 现有的 JavaScript 功能能力范围。

CVE-2024-35860 | Linux Kernel up to 6.6.25/6.8.4 bpf_link_free cookie null pointer dereference (876941f533e7/5d8d44777756/1a80dbcb2dba)

Vuldb Updates
8 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.25/6.8.4. This affects the function bpf_link_free. Performing manipulation of the argument cookie results in null pointer dereference. This vulnerability is cataloged as CVE-2024-35860. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2024-35803 | Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2 efistub allocation of resources (WID-SEC-2024-1188)

Vuldb Updates
8 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2. This affects an unknown part of the component efistub. This manipulation causes allocation of resources. This vulnerability is tracked as CVE-2024-35803. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2024-35826 | Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2 Page Refcount __bio_release_pages memory leak (WID-SEC-2024-1188)

Vuldb Updates
8 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2. This affects the function __bio_release_pages of the component Page Refcount Handler. The manipulation leads to memory leak. This vulnerability is referenced as CVE-2024-35826. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2024-35841 | Linux Kernel up to 6.6.13/6.7.1 net __sk_msg_free iteration (02e368eb1444/294e7ea85f34/dc9dfc8dc629 / WID-SEC-2024-1188)

Vuldb Updates
8 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.6.13/6.7.1. This impacts the function __sk_msg_free of the component net. This manipulation causes excessive iteration. This vulnerability is handled as CVE-2024-35841. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2024-35844 | Linux Kernel up to 5.15.152/6.1.82/6.6.22/6.7.10/6.8.1 f2fs reserve_cblocks denial of service (Nessus ID 239850 / WID-SEC-2024-1188)

Vuldb Updates
8 months 3 weeks ago
A vulnerability classified as critical was found in Linux Kernel up to 5.15.152/6.1.82/6.6.22/6.7.10/6.8.1. This affects the function reserve_cblocks of the component f2fs. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-35844. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2023-52868 | Linux Kernel up to 6.6.1 thermal ida_alloc buffer overflow (Nessus ID 235071)

Vuldb Updates
8 months 3 weeks ago
A vulnerability has been found in Linux Kernel up to 6.6.1 and classified as critical. This vulnerability affects the function ida_alloc of the component thermal. Performing manipulation results in buffer overflow. This vulnerability was named CVE-2023-52868. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2024-35831 | Linux Kernel up to 6.6.22/6.7.10/6.8.1 io_uring memory leak (Nessus ID 210815 / WID-SEC-2024-1188)

Vuldb Updates
8 months 3 weeks ago
A vulnerability was found in Linux Kernel up to 6.6.22/6.7.10/6.8.1. It has been classified as problematic. This impacts an unknown function of the component io_uring. This manipulation causes memory leak. This vulnerability is registered as CVE-2024-35831. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2024-35810 | Linux Kernel up to 6.6.23/6.7.11/6.8.2 vmwgfx vmw_plane_state buffer overflow (Nessus ID 210815 / WID-SEC-2024-1188)

Vuldb Updates
8 months 3 weeks ago
A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.23/6.7.11/6.8.2. This affects the function vmw_plane_state of the component vmwgfx. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2024-35810. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2024-42103 | Linux Kernel up to 5.15.162/6.1.97/6.6.38/6.9.8 btrfs_delete_unused_bgs allocation of resources (Nessus ID 210060 / WID-SEC-2024-1722)

Vuldb Updates
8 months 3 weeks ago
A vulnerability described as problematic has been identified in Linux Kernel up to 5.15.162/6.1.97/6.6.38/6.9.8. Impacted is the function btrfs_delete_unused_bgs. The manipulation results in allocation of resources. This vulnerability is known as CVE-2024-42103. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2023-52853 | Linux Kernel up to 6.6.1 cp2112 workqueue.c initialization (Nessus ID 209785)

Vuldb Updates
8 months 3 weeks ago
A vulnerability classified as problematic was found in Linux Kernel up to 6.6.1. This affects an unknown function of the file workqueue.c of the component cp2112. Executing manipulation can lead to improper initialization. This vulnerability is handled as CVE-2023-52853. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2024-42105 | Linux Kernel up to 6.9.8 nilfs2 use after free (Nessus ID 207802 / WID-SEC-2024-1722)

Vuldb Updates
8 months 3 weeks ago
A vulnerability was found in Linux Kernel up to 6.9.8. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the component nilfs2. This manipulation causes use after free. This vulnerability is registered as CVE-2024-42105. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.
vuldb.com

Pear

Dark Feed IO
8 months 3 weeks ago

You must login to view this content

cohenido

Managed ad