
2395 matches found

OpenVAS
added 2023/05/30 12:0 a.m. | 18 views

Fedora: Security Advisory for libssh (FEDORA-2023-5fa5ca2043)

The remote host is missing an update for the...

CVSS 6.5 | AI score 8 | EPSS 0.01094
Exploits: 2 | References: 2

The Hacker News
added 2023/05/20 10:48 a.m. | 38 views

Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware

The identity of the second threat actor behind the Golden Chickens malware has been uncovered courtesy of a "fatal" operational security blunder, cybersecurity firm eSentire said. The individual in question, who lives in Bucharest, Romania, has been given the codename Jack. He is one of the two...

AI score 7.2
Exploits: 0

AlmaLinux
added 2023/05/16 12:0 a.m. | 36 views

Moderate: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file...

CVSS 5.5 | AI score 6.7 | EPSS 0.00082
Exploits: 1 | References: 4

Tenable Nessus
added 2023/05/16 12:0 a.m. | 29 views

EulerOS Virtualization 2.10.1 : libXpm (EulerOS-SA-2023-1906)

According to the versions of the libXpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...

CVSS 8.8 | AI score 6.8 | EPSS 0.00184
Exploits: 2 | References: 4

The Coalfire Blog
added 2023/05/10 4:25 p.m. | 10 views

Four key questions for privacy programs in the U.S.

With new state privacy laws passed each year, organizations are tasked with developing privacy programs that are compliant with applicable laws. To help organizations identify their current privacy program maturity, privacy professionals can ask four questions to determine where they stand...

AI score 7
Exploits: 0

Fedora
added 2023/05/10 1:41 a.m. | 12 views

[SECURITY] Fedora 38 Update: community-mysql-8.0.33-2.fc38

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

AI score 7.5
Exploits: 0

RedHat Linux
added 2023/05/09 10:4 a.m. | 1 views

kernel: bpf, cgroup: Fix kernel BUG in purge_effective_progs

In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purge_effective_progs Syzkaller reported a triggered kernel BUG as follows: ------------ cut here ------------ kernel BUG at kernel/bpf/cgroup.c:925! invalid opcode: 0000 1 PREEMPT SMP NOPTI CPU: 1 PI...

CVSS 7.1 | AI score 6.7 | EPSS 0.00067
Exploits: 0 | References: 5

RedHat Linux
added 2023/05/09 10:4 a.m. | 0 views

kernel: bpf: Fix KASAN use-after-free Read in compute_effective_progs

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix KASAN use-after-free Read in compute_effective_progs Syzbot found a Use After Free bug in compute_effective_progs. The reproducer creates a number of BPF links, and causes a fault injected alloc to fail, while calling...

CVSS 7.8 | AI score 6.2 | EPSS 0.00064
Exploits: 0 | References: 5

RedHat Linux
added 2023/05/09 10:4 a.m. | 0 views

kernel: bpf: Fix potential array overflow in bpf_trampoline_get_progs()

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix potential array overflow in bpf_trampoline_get_progs The cnt value in the 'cnt >= BPF_MAX_TRAMP_PROGS' check does not include BPF_TRAMP_MODIFY_RETURN bpf programs, so the number of the attached BPF_TRAMP_MODIFY_RETURN bpf programs in...

CVSS 7.8 | AI score 6.3 | EPSS 0.00074
Exploits: 0 | References: 5

OSV
added 2023/05/09 12:0 a.m. | 20 views

ALSA-2023:2378 Moderate: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file...

CVSS 5.5 | AI score 5.7 | EPSS 0.00082
Exploits: 1 | References: 4

AlmaLinux
added 2023/05/09 12:0 a.m. | 59 views

Moderate: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file...

CVSS 5.5 | AI score 6.1 | EPSS 0.00082
Exploits: 1 | References: 4

Tenable Nessus
added 2023/05/08 12:0 a.m. | 39 views

Ubuntu 16.04 ESM : MySQL vulnerabilities (USN-6060-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6060-2 advisory. USN-6060-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the precedin...

CVSS 7.5 | AI score 7.5 | EPSS 0.00435
Exploits: 0 | References: 3

Tenable Nessus
added 2023/04/27 12:0 a.m. | 22 views

EulerOS Virtualization 2.9.0 : libXpm (EulerOS-SA-2023-1676)

According to the versions of the libXpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...

CVSS 8.8 | AI score 6.8 | EPSS 0.00184
Exploits: 2 | References: 4

Microsoft CVE
added 2023/04/22 7:0 a.m. | 2 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.1 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).

...

CVSS 7.1 | AI score 6.8 | EPSS 0.00435
Exploits: 0

Malwarebytes
added 2023/04/20 2:0 a.m. | 9 views

FTC tackles tech support scams by chasing payment processor firms

A multinational payment processing company and two of its executives are facing a potential $650k fine as a result of allegedly processing credit card payments for tech support scammers. While this fine isn't exactly massive in comparison to some of the privacy breaches and other incidents seen do...

AI score 6.5
Exploits: 0

Tenable Nessus
added 2023/04/20 12:0 a.m. | 674 views

Oracle MySQL Server 5.7.x < 5.7.42 (Apr 2023 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2023 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 5.7.41 and...

CVSS 9.1 | AI score 6.9 | EPSS 0.00435
Exploits: 0 | References: 10

CVE
added 2023/04/18 7:54 p.m. | 407 views

CVE-2023-21980

CVE-2023-21980 affects Oracle MySQL Server in the Client programs component. Affected: MySQL 5.7.x up to 5.7.41 and MySQL 8.0.x up to 8.0.32. The flaw can be triggered by network access via multiple protocols, with low privileges and required user interaction, potentially allowing takeover of the...

CVSS 7.1 | AI score 6.9 | EPSS 0.00435
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2023/04/18 12:15 p.m. | 17 views

CVE-2021-41613

An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register EEAR is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR...

CVSS 4.3 | AI score 4.7 | EPSS 0.00252
Exploits: 0 | References: 2

GithubExploit
added 2023/04/16 10:5 a.m. | 2912 views

Exploit for Incorrect Authorization in Linux Linux_Kernel

Linux Bluetooth: Unauthorized management command execution CV...

CVSS 6.8 | AI score 7 | EPSS 0.00594
Exploits: 2

Fedora
added 2023/03/28 2:9 a.m. | 15 views

[SECURITY] Fedora 37 Update: ImageMagick-6.9.12.82-1.fc37

ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...

AI score 6.8
Exploits: 0