
468 matches found

RedHat Linux
added 2023/05/09 10:4 a.m., 2 views

kernel: PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()

In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store(). The sysfs sriov_numvfs_store() path acquires the device lock before the config space access lock: sriov_numvfs_store device_lock A 1 acquire device lock sriov_configure...

5.5 CVSS, 6.3 AI score, 0.00007 EPSS
Exploits: 0, References: 5
The Hacker News
added 2023/03/10 2:2 p.m., 2 views

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

7.1 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 3:24 a.m., 2 views

SUSE CVE-2022-36109

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use...

6.3 CVSS, 7.9 AI score, 0.00039 EPSS
Exploits: 0, References: 14
OSV
added 2023/02/13 6:3 p.m., 7 views

GSD-2023-1002293 f2fs: let's avoid panic if extent_tree is not created

f2fs: let's avoid panic if extent_tree is not created. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.304 by commit...

7.2 AI score
Exploits: 0
OSV
added 2023/02/13 6:0 p.m., 8 views

GSD-2023-1002270 f2fs: let's avoid panic if extent_tree is not created

f2fs: let's avoid panic if extent_tree is not created. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.271 by commit...

7.2 AI score
Exploits: 0
OSV
added 2023/02/13 5:49 p.m., 12 views

GSD-2023-1002179 f2fs: let's avoid panic if extent_tree is not created

f2fs: let's avoid panic if extent_tree is not created. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.165 by commit...

7.2 AI score
Exploits: 0
Schneier on Security
added 2023/02/10 11:24 a.m., 15 views

Hacking the Tax Code

The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input--financial information for the year--and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and speci...

7 AI score
Exploits: 0
OSV
added 2023/01/31 3:51 p.m., 12 views

GSD-2023-1001811 f2fs: let's avoid panic if extent_tree is not created

f2fs: let's avoid panic if extent_tree is not created. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.230 by commit...

7.2 AI score
Exploits: 0
OSV
added 2023/01/31 3:49 p.m., 9 views

GSD-2023-1001784 f2fs: let's avoid panic if extent_tree is not created

f2fs: let's avoid panic if extent_tree is not created. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.165 by commit...

7.2 AI score
Exploits: 0
Snyk
added 2023/01/29 3:29 p.m., 1 views

Malicious Package

Overview: ban-notifier is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS, 7.1 AI score
Exploits: 0, References: 3
Tenable Nessus
added 2023/01/20 12:0 a.m., 12 views

FreeBSD : phpmyfaq -- multiple vulnerabilities (005dfb48-990d-11ed-b9d3-589cfc0f81b0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 005dfb48-990d-11ed-b9d3-589cfc0f81b0 advisory. - phpmyfaq developers report: phpMyFAQ does not implement sufficient checks to avoid a stored XSS in Ad...

5.5 AI score
Exploits: 0, References: 10
OSV
added 2022/12/19 9:15 a.m., 0 views

CVE-2022-47547

GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score and thus not be pruned from the network even though it continuously misbehaves by never forwarding topic messages...

5.3 CVSS, 5.8 AI score, 0.00171 EPSS
Exploits: 1, References: 1
Wiz blog
added 2022/12/08 1:0 p.m., 12 views

Navigating the road ahead for CISOs following the Uber verdict

Hear from industry experts to understand the challenges ahead and best practices CISOs can follow to avoid issues in the future...

6.9 AI score
Exploits: 0
OSV
added 2022/11/14 7:59 p.m., 10 views

GSD-2022-1007666 ext4: avoid crash when inline data creation follows DIO write

ext4: avoid crash when inline data creation follows DIO write. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.331 by commit...

7.2 AI score
Exploits: 0
OSV
added 2022/11/14 7:45 p.m., 9 views

GSD-2022-1007531 ext4: avoid crash when inline data creation follows DIO write

ext4: avoid crash when inline data creation follows DIO write. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.262 by commit...

7.2 AI score
Exploits: 0
Positive Technologies
added 2022/11/08 12:0 a.m., 3 views

PT-2022-5501

Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version. Description: The issue is related to errors in security settings of the Netlogon Remote Protocol (MS-NRPC) implementation in Windows operating systems. This allows a remote attacker to elevate their...

9.8 CVSS, 8.2 AI score, 0.10832 EPSS
Exploits: 2, References: 137
OSV
added 2022/10/26 8:45 a.m., 10 views

SUSE-SU-2022:3750-1 Security update for SUSE Manager Server 4.3

This update fixes the following issues: cobbler: - Consider case of 'next_server' being a hostname during migration of Cobbler collections. - Fix problem with 'proxy_url_ext' setting being None type. - Fix settings migration schema to work while upgrading on existing running Uyuni and SUSE Manager...

9.8 CVSS, 9.3 AI score, 0.00743 EPSS
Exploits: 1, References: 47
Malwarebytes
added 2022/10/18 10:0 a.m., 51 views

Fake tractor fraudsters plague online transactions

The agriculture sector has been under fire from digital attacks for some time now. The primary problem so far has been ransomware, and law enforcement recently warned that malware authors may be gearing up to time their attacks in this sector for maximum damage. The FBI highlighted that attacks...

6.9 AI score
Exploits: 0
Rapid7 Blog
added 2022/10/07 7:7 p.m., 55 views

Metasploit Weekly Wrap-Up

Bofloader - Windows Meterpreter Gets Beacon Object File Loader Support. This week brings a new and frequently requested feature to the Windows Meterpreter, the Beacon Object File loader. This new extension, bofloader, allows for users to execute Beacon Object Files as written for either Cobalt...

6.5 CVSS, 8.7 AI score, 0.93219 EPSS
Exploits: 27
OSV
added 2022/09/16 11:31 p.m., 8 views

GSD-2022-1005112 igb: Add lock to avoid data race

igb: Add lock to avoid data race. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit 64c0c233a88591bb23569ae12eed7f74e5bd39ce, it...

7.2 AI score
Exploits: 0