Lucene search
K

151 matches found

The Hacker News
The Hacker News
added 2024/05/21 1:7 p.m.12 views

SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure

The persistent threat actors behind the SolarMarker information-stealing malware have established a multi-tiered infrastructure to complicate law enforcement takedown efforts, new findings from Recorded Future show. "The core of SolarMarker's operations is its layered infrastructure, which consis...

6.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/04/30 5:6 p.m.5 views

kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c

An information leak vulnerability was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capparseconfreq function. An attacker with physical access within the range of standard Bluetooth transmission could use thi...

6.5CVSS6.7AI score0.00395EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/03/13 9:11 a.m.5 views

kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c

A flaw was found in l2capsockrelease in net/bluetooth/l2capsock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled...

7.8CVSS6.8AI score0.0056EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/03/12 12:56 a.m.4 views

kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c

A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capconnect and l2capleconnectreq functions. An attacker with physical access within the range of standard Bluetooth transmission could...

8.8CVSS6.9AI score0.02014EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2023/11/18 12:0 a.m.60 views

java-21-openjdk security and bug fix update

1:21.0.1.0.12-2.0.1 - Add Oracle vendor bug URL 1:21.0.1.0.12-2 - Switch to using portable binaries built on RHEL 7 - Sync the copy of the portable specfile with the RHEL 7 version - Related: RHEL-12997 1:21.0.1.0.12-1 - Update to jdk-21.0.1.0+12 GA - Update release notes to 21.0.1.0+12 - Sync th...

5.3CVSS5.5AI score0.014EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/11/08 11:3 a.m.20 views

squid: Request/Response smuggling in HTTP/1.1 and ICAP

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

9.3CVSS5.9AI score0.05255EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/11/08 10:34 a.m.31 views

squid: Request/Response smuggling in HTTP/1.1 and ICAP

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

9.3CVSS5.9AI score0.05255EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/11/08 10:31 a.m.8 views

squid: Request/Response smuggling in HTTP/1.1 and ICAP

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

9.3CVSS5.9AI score0.05255EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/11/02 9:47 a.m.24 views

squid: Request/Response smuggling in HTTP/1.1 and ICAP

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

9.3CVSS5.9AI score0.05255EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/08/08 8:34 a.m.6 views

kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c

A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capconnect and l2capleconnectreq functions. An attacker with physical access within the range of standard Bluetooth transmission could...

8.8CVSS6.8AI score0.02014EPSS
Exploits0References5
Rapid7 Blog
Rapid7 Blog
added 2023/07/18 12:0 p.m.15 views

Managing Risk Across Hybrid Environments with Executive Risk View

Over the last decade or so, organizations of all shapes and sizes across all industries have been going through a seismic shift in the way they engage with their customers and deliver their solutions to the market. These new delivery models are often underpinned by cloud services, which can chang...

6.9AI score
Exploits0
OSV
OSV
added 2023/07/06 9:37 p.m.7 views

CLSA-2023-1688679460 Update of tzdata

Upgrade to tzdata-2023c code and data are identical to 2023a - Egypt now uses DST again, from April through October. - This year Morocco springs forward April 23, not April 30. - Palestine delays the start of DST this year. - Much of Greenland still uses DST from 2024 on. - America/Yellowknife...

5.8AI score
Exploits0References1
OSV
OSV
added 2023/07/06 8:38 p.m.8 views

CLSA-2023-1688675879 Update of tzdata

Upgrade to tzdata-2023c code and data are identical to 2023a - Egypt now uses DST again, from April through October. - This year Morocco springs forward April 23, not April 30. - Palestine delays the start of DST this year. - Much of Greenland still uses DST from 2024 on. - America/Yellowknife...

5.8AI score
Exploits0References1
Metasploit
Metasploit
added 2023/05/18 7:52 p.m.240 views

TFTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an x64 payload from a TFTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/tftp/x64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...

7.3AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/05/16 8:43 a.m.7 views

kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c

A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges...

7.1CVSS6.6AI score0.0129EPSS
Exploits0References5
OSV
OSV
added 2023/02/28 11:20 p.m.86 views

GHSA-4W59-C3GC-RRHP vantage6 refresh tokens do not expire

From issue: Problem description Currently, the refresh token is valid indefinitely. This is bad security practice. Desired solution The refresh token should get a validity of 24-48 hours. Additional context When implementing this, also check that the refresh token returns a new refresh token When...

8.8CVSS8.6AI score0.00571EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.4 views

SUSE CVE-2012-6544

The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the 1 L2CAP or 2 HCI implementation...

1.9CVSS5.9AI score0.00368EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2023/02/03 3:3 p.m.48 views

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Some of the notable malware families that are being distributed using this method include AsyncRAT,...

0.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2022/12/15 2:30 a.m.15 views

Reimagining Democracy

Last week, I hosted a two-day workshop on reimagining democracy. The idea was to bring together people from a variety of disciplines who are all thinking about different aspects of democracy, less from a "what we need to do today" perspective and more from a blue-sky future perspective. My remit ...

7.2AI score
Exploits0
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.4 views

WithSecure products 安全漏洞

WithSecure products is a line of security software from the Finnish company WithSecure. A security vulnerability exists in WithSecure that stems from a denial-of-service DoS vulnerability found in the fsicapd component, which could cause the service to crash while parsing ICAP requests...

7.5CVSS7.2AI score0.00386EPSS
Exploits0References2
Rows per page
Query Builder