io_uring Same Type Object Reuse Priv Esc

This module exploits a bug in iouring leading to an additional putcred that can be exploited to hijack credentials of other processes. We spawn SUID programs to get the free'd cred object reallocated by a privileged process and abuse them to create a SUID root binary ourselves that'll pop a shell...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libXpm (SUSE-SU-2023:0171-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0171-1 advisory. - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, so...

6 of the Best Crypto Bug Bounty Programs

By Waqas Crypto bug bounty programs have become essential as the number of blockchain platforms grows exponentially, making it increasingly difficult for developers to keep up with all the necessary security protocols on their own. This is a post from HackRead.com Read the original post: 6 of the...

CISA Releases Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats

Today, CISA released Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats. The report provides recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risk. It also provides insight into the current threat...

libXpm: compression commands depend on $PATH

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

libXpm: compression commands depend on $PATH

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

libXpm: compression commands depend on $PATH

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

libXpm: compression commands depend on $PATH

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

libXpm: compression commands depend on $PATH

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

libXpm: compression commands depend on $PATH

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

RLSA-2023:0318 Moderate: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: postgresql: SQL Injection in ResultSet.refreshRow with malicious column names CVE-2022-31197 For mo...

Korean Word Processor Scam Alert Orcus RAT Lurking in Cracked Versions

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Orcus RAT, formerly known as Schnorchel, first appeared in April 2016 and allows for remote control of infected systems. Intruders are attempting to deploy a variant of Orcus RAT along with XMRig...

Code injection

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

UBUNTU-CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

libXpm 代码问题漏洞

libXpm is a lib open source image file format library. A code issue vulnerability exists in libXpm. An attacker could exploit this vulnerability to execute other programs by manipulating the PATH environment variable...

CVE-2022-2484

The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs...

Design/Logic Flaw

The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs...

CVE-2022-2484

The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs...

DEBIAN-CVE-2022-22748

Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

Fedora 36 : postgresql-jdbc (2022-d7d49b2fac)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d7d49b2fac advisory. Security fix for CVE-2022-31197 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...