43 matches found
CVE-2022-49970
CVE-2022-49970 concerns a Linux kernel vulnerability in the bpf/cgroup path, where an invalid opcode triggers a kernel BUG during purge_effective_progs when detaching BPF programs from nested cgroups. Reproduction steps described in multiple sources involve attaching prog2 to cg2, prog1 to cg1, w...
Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched
The maintainers of the Tails project have issued a warning that the Tor Browser that's bundled with the operating system is unsafe to use for accessing or entering sensitive information. "We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive...
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
Microsoft has addressed 71 security vulnerabilities in its scheduled March Patch Tuesday update – only three of which are rated critical in severity. The other 68 are all rated “important.” Three of the bugs are listed as publicly known zero-days, but none of them are listed as having been...
Critical Bugs Expose Hundreds of Thousands of Medical Devices
The so-called Access:7 vulnerabilities are the latest high-profile IoT security fumble...
Microsoft Yanks Buggy Windows Server Updates
Microsoft has yanked the Windows Server updates it issued on Patch Tuesday after admins found that the updates had critical bugs that break three things: They trigger spontaneous boot loops on Windows servers that act as domain controllers, break Hyper-V and render ReFS volume systems unavailable...
Actively Exploited Windows Zero-Day Gets a Patch
Microsoft has patched 51 security vulnerabilities in its scheduled August Patch Tuesday update, including seven critical bugs, two issues that were publicly disclosed but unpatched until now, and one that’s listed as a zero-day that has been exploited in the wild. Of note, there are 17...
Adobe Patches 11 Critical Bugs in Popular Acrobat PDF Reader
Eleven critical bugs in Adobe’s popular and free PDF reader, Acrobat, open both Windows and macOS users to attacks ranging from an adversary arbitrarily executing commands on a targeted system to data leakage tied to system-read and memory flaws. In a Tuesday security bulletin, which included...
WordPress File Management Plugin Riddled with Critical Bugs
A critical cross-site scripting (XSS) bug impacts WordPress sites running the Frontend File Manager plugin and allows remote unauthenticated users to inject JavaScript code into vulnerable websites to create admin user accounts. The bug is one of six critical flaws impacting the WordPress plugin...
Cisco Reissues Patches for Critical Bugs in Jabber Video Conferencing Software
Cisco has once again fixed four previously disclosed critical bugs in its Jabber video conferencing and messaging app that were inadequately addressed, leaving its users susceptible to remote attacks. The vulnerabilities, if successfully exploited, could allow an authenticated, remote attacker to...
Google Patches Critical Wi-Fi and Audio Bugs in Android Handsets
Google patched ten critical bugs as part of its December Android Security Bulletin. The worst of the bugs was tied to the Android media framework component and gives an attacker remote control of vulnerable handsets. Google did not reveal the technical specifics of the critical flaw, tracked as...
Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio
Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Adobe Illustrator was hit the hardest. There are 16 critical bugs, all of which allow arbitrary code execution in the context o...
OPENSUSE-SU-2020:1313-1 Security update for ldb, samba
This update for ldb, samba fixes the following issues: Changes in samba: - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; bso#14364; bsc#1173159 + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each;...
Two Critical Android Bugs Open Door to RCE
Google has addressed two critical flaws in its latest monthly Android update that enable remote code execution (RCE) on Android mobile devices. The critical bugs (CVE-2020-0117 and CVE-2020-8597) exist in the Android System area, and would allow a remote attacker using a specially crafted transmissio...
Microsoft Addresses 111 Bugs for May Patch Tuesday
Microsoft has released fixes for 111 security vulnerabilities in its May Patch Tuesday update, including 16 critical bugs and 96 that are rated important. Unlike other recent monthly updates from the computing giant this year, none of the flaws are publicly known or under active attack at the tim...
Updated php packages fix security vulnerability
Critical bugs closed: - Use-of-uninitialized-value in exif 1 - mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full 2 - get_headers silently truncates after a null byte 3 Some more bugs closed, as: - Memory corruption in preg_replace/preg_replace_callback and unicode -...
MGASA-2020-0148 Updated php packages fix security vulnerability
Critical bugs closed: - Use-of-uninitialized-value in exif 1 - mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full 2 - get_headers silently truncates after a null byte 3 Some more bugs closed, as: - Memory corruption in preg_replace/preg_replace_callback and unicode -...
Microsoft Patch Tuesday, March 2020 Edition
Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows operating systems and associated software. If you (ab)use Windows, please take a moment to read this post, backup your system(s), and patch your PCs. All told, this patch batch addresses at least 115...
Two Critical Android Bugs Get Patched in February Update
Google has released a security update for a critical flaw in its Android operating system that allows hackers to execute remote code on affected handsets, potentially allowing an adversary to gain remote access to the device. Part of Google’s February Android Security Bulletin, released Monday,...
Zero Day Initiative Bug Hunters Rake in $1.5M in 2019
Zero Day Initiative (ZDI) awarded more than $1.5 million in cash and prizes to bug-hunters throughout 2019, it said, resulting in 1,035 security vulnerability advisories for the year. Most of those advisories (88 percent) were published in conjunction with a patch from the vendor, Zero Day Initiative...
Microsoft Patches RCE Bug Actively Under Attack
A critical bug in a Microsoft scripting engine, under active attack, has been patched as part of Microsoft’s Patch Tuesday security roundup. The vulnerability exists in Internet Explorer and allows an attacker to execute rogue code if a victim is coaxed into visiting a malicious web page, or, if...