112 matches found
USN-7496-3 linux-azure, linux-azure-4.15 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Character device driver; - Hardware crypto device drivers; - GPU drivers; - Media drivers;...
Moderate: Red Hat Security Advisory: qemu-kvm security update
An update for qemu-kvm is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2025-30390
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network...
Why is Ransomware Still a Thing in 2025?
When was the last time you had a serious conversation about cybersecurity that didn’t touch on ransomware? We all know that it’s one of the most persistent and damaging threats out there. Yet, this isn’t because it’s new—ransomware’s been around since 1989—but because we are making it far too eas...
KB5055547: Windows 10 LTS 1507 Security Update (April 2025)
The remote Windows host is missing security update 5055547. It is, therefore, affected by multiple vulnerabilities - Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. CVE-2025-27481 - Use after free in Windows LDAP - Lightweig...
One mighty fine-looking report
Welcome to this week's edition of the Threat Source newsletter. They say art is subjective, but have you ever seen a well-formatted bar chart? Van Gogh had Starry Night , but Talos' 2024 Year in Review available now! has color-coded data with perfect labels. True beauty. If you haven't yet had a...
Available now: 2024 Year in Review
Welcome to Cisco Talos' 2024 Year in Review, available for download now. This report is powered by threat telemetry from over 46 million global devices across 193 countries and regions, amounting to more than 886 billion security events per day. Explore key insights in topics including the top...
CLSA-2025-1742319829 Fix of 27 CVEs
CVE-url: https://ubuntu.com/security/CVE-2023-52522 - net: fix possible store tearing in neighperiodicwork CVE-url: https://ubuntu.com/security/CVE-2024-40911 - wifi: cfg80211: Lock wiphy in cfg80211getstation CVE-url: https://ubuntu.com/security/CVE-2024-43863 - drm/vmwgfx: Fix a deadlock in dma...
SUSE-SU-2024:4242-1 Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-15020024183 fixes several issues. The following security issues were fixed: - CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. - CVE-2024-43861: Fix memory leak for not ip packets bsc1229553. - CVE-2021-47600: dm btree remove: fix us...
Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks
A joint advisory issued by Australia, Canada, New Zealand, and the U.S. has warned of a broad cyber espionage campaign undertaken by People's Republic of China PRC-affiliated threat actors targeting telecommunications providers. "Identified exploitations or compromises associated with these threa...
Security update for the Linux Kernel RT (Live Patch 11 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001338 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memor...
OESA-2024-2394 openjdk-1.8.0 security update
The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4,...
A malicious gguf model can lead to DoS due to unchecked array bound access via network
This report is not public...
AlmaLinux 9 : kernel (ALSA-2024:8617)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:8617 advisory. hw: cpu: intel: Native Branch History Injection BHI CVE-2024-2201 kernel: tcp: add sanity checks to rx zerocopy CVE-2024-26640 kernel: mptcp: fix data...
XenServer and Citrix Hypervisor Security Update for CVE-2024-45817
XenServer and Citrix Hypervisor Security Update Description of Problem An issue has been identified that affects both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR and allow a malicious administrator of a guest VM to cause the host to crash or become unresponsive. This issue has the following...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2024-12581)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12581 advisory. - net/mlx5e: drop shorter ethernet frames Manjunath Patil Orabug: 36879157 CVE-2024-41090 CVE-2024-41091 - netfilter: ipset: Fix race between...
Sysrv Harnessing Google Subdomains to Circulate XMRig
Summary: Sysrv, an advanced botnet, employs a Golang worm to infiltrate devices and distribute XMRig cryptocurrency miners, leveraging network vulnerabilities and undergoing constant evolution through operator refinement. Threat Level - Red | Attack Report For a detailed threat advisory, download...
CISA, FBI, and MS-ISAC Release Update to Joint Guidance on Distributed Denial-of-Service Techniques
Today, CISA, the Federal Bureau of Investigation FBI, and the Multi-State Information Sharing and Analysis Center MS-ISAC released an updated joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, to address the specific needs and challenges faced by organizations in...
CVE-2024-21498
All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery SSRF via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by...
kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route
This record is a duplicate of CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208. Do not use this CVE record: CVE-2023-4128...