SUSE CVE-2018-1120
A flaw was found affecting the Linux kernel before version 4.17. By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the...
SUSE CVE-2019-20330
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking...
SUSE CVE-2020-25673
A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system...
SUSE CVE-2021-29946
Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
SUSE CVE-2021-30639
A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once ...
SUSE CVE-2021-43980
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing but extremely hard to trigger concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 tha...
GSD-2023-1000956 mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...
GSD-2023-1000506 mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.17 by commit...
The vulnerability of the kfree_skb() function in the xen-netback driver of Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the kfree_skb() function in the xen-netback driver of Linux kernel is related to improper blocking mechanisms. Exploiting this vulnerability can allow an attacker to cause service failures...
Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers
Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept (PoC) exploit. The issues are rooted in the router's web-based...
Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain
A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics an...
FBI warns of imposter ads in search results
The FBI has issued a public notice which includes advice to block adverts. Why? Let's take a look. The bogus advert tightrope It's no secret that rogue ads have been a particular plague on the Internet for as far back as we can remember. From irritating pop ups and spinning "You've won a prize"...
CVE-2022-23513
Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...
Code injection
Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...
CVE-2022-23513
CVE-2022-23513 affects Pi-hole AdminLTE (Pi-hole Web Interface). The issue is an access-control vulnerability in the queryads endpoint exposed via root-path PHP script /admin/scripts/pi-hole/phpqueryads.php, where insufficient validation allows an attacker to perform unauthorized queries for bloc...
Adding Azure Compute Account Fails With "This server does not seem to have Azure PowerShell installed"
Challenge When attempting to add an Azure Compute Account using the "Create a new account" option, the error message is shown stating that "This server does not seem to have Azure PowerShell installed." even though the Azure PowerShell is installed. Get-Module -ListAvailable -Name Azure -Refresh...
The pitfalls of blocking IP addresses
In August 2022, the Austrian court ordered the block of 11 IP addresses for copyright violations on 14 websites. Sadly, there was an undesirable side-effect--thousands of websites were rendered inaccessible to internet users in Austria for two days. There are many possible reasons why governments...
Attacker can DOS OptimisticListing with very low cost
Lines of code Vulnerability details Impact The only check on a new proposal is that it is priced lower than the existing proposal. It does not constrain on the collateral supplied except it will revert in verifyBalance if set to 0. Anyone can block normal proposal creation by creating a proposal...
The vulnerability of the xen-netback driver in Linux operating systems allows a hacker to cause a service failure.
The vulnerability of the xen-netback driver in Linux operating systems is related to improper blocking mechanisms. Exploiting this vulnerability can allow an attacker to cause service failures...
Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...