30 matches found
USN-7889-6 linux-hwe-6.8, linux-oracle-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; - Network drivers; - Netfilter; - TLS protocol; CVE-2025-21729, CVE-2025-38227, CVE-2025-38616,...
EUVD-2017-16901
Malware in sbrugna...
CVE-2024-45347 Mi Connect Service APP protocol flaws lead to unauthorized access
An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by flawed validation logic and can be exploited by attackers to gain unauthorized access to the victim’s device...
CVE-2024-45347
CVE-2024-45347 affects Xiaomi Mi Connect Service App. Multiple connected sources indicate the root cause is flawed validation in the authentication/authorization flow, enabling unauthorized access to a victim’s device. CVSS 3.1 base score 9.6 (Adjacent attack, no user interaction, high impact on...
USN-7550-6: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Sun RPC protocol; CVE-2024-56608, CVE-2024-53168, CVE-2024-56551...
Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506008 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size (bsc#1226327). CVE-2024-42133: Bluetooth: Ignore too large handle values in BIG (bsc#1231419). CVE-2024-35863: Fixed potential UAF in...
VulnCheck KEV: CVE-2022-34478
The ms-msdt, search, and search-ms protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild although we know of none exploited through Thunderbird, so in this release...
CVE-2021-34779
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database...
Interesting Attack on the EMV Smartcard Payment Standard
It's complicated, but it's basically a man-in-the-middle attack that involves two smartphones. The first phone reads the actual smartcard, and then forwards the required information to a second phone. That second phone actually conducts the transaction on the POS terminal. That second phone is able...
New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users
High-impact vulnerabilities in a modern communication protocol used by mobile network operators (MNOs) can be exploited to intercept user data and carry out impersonation, fraud, and denial-of-service (DoS) attacks, newly published research cautions. The findings are part of a new Vulnerabilities in...
Hackers can Send Fake Emergency Alerts by Exploiting 4G LTE Protocol Flaws
By Waqas. Researchers at the Purdue University and the University of Iowa, This is a post from HackRead.com. Read the original post: Hackers can Send Fake Emergency Alerts by Exploiting 4G LTE Protocol Flaws...
Authentication flaw
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective...
CVE-2017-7930
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective...
CVE-2017-7930
CVE-2017-7930 affects the OSIsoft PI Server 2017 family, specifically the PI Data Archive prior to 2017. The issue is an Improper Authentication vulnerability in the protocol that can expose change records in the clear and allow a malicious party to spoof a server within a PI Network. The connect...
Breaking Signal: A Six-Month Journey
UPDATE MIAMI–Markus Vervier and Jean-Philippe Aumasson have spent the past six months poking security holes in the end-to-end encryption protocol Signal, all on their free time. And they have been successful in privately disclosing what they consider more than a half-dozen flaws to Signal, most o...
CentOS Update for libtdb CESA-2016:0612 centos7
Check the version of libtdb. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882452");...
samba3x security update
CentOS Errata and Security Advisory CESA-2016:0613. An update for samba3x is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
libsmbclient, samba security update
CentOS Errata and Security Advisory CESA-2016:0611. An update for samba is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
RHEL 5 : samba (RHSA-2016:0621) (Badlock)
An update for samba is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...