25 matches found
MiracleLinux 8 : kernel-4.18.0-553.16.1.el8_10 (AXSA:2024-8704:25)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8704:25 advisory. kernel: powerpc: Fix access beyond end of drmem array CVE-2023-52451 kernel: efivarfs: force RO when remounting if SetVariable is not supported...
Quantum Disruption: An SOK of How Post-Quantum Attackers Reshape Blockchain Security and Performance
As quantum computing advances toward practical deployment, it threatens a wide range of classical cryptographic mechanisms, including digital signatures, key exchange protocols, public-key encryption, and certain hash-based constructions that underpin modern network infrastructures. These...
Introducing Enhanced User Interface for Qualys PCI DSS 4.0 ASV Compliant Solution
We’re excited to introduce the new Qualys PCI ASV user interface, built to deliver a smarter, faster, and more intuitive experience. The redesigned PCI ASV UI helps you simplify PCI DSS 4.0 compliance, save time, and reduce audit-related stress. This major update improves usability, streamlines...
MAL-2025-6990 Malicious code in 2020-redesign-fascinator (npm)
The package 2020-redesign-fascinator was found to contain malicious code...
Malicious code in 2020-redesign-fascinator (npm)
The package 2020-redesign-fascinator was found to contain malicious code...
cockpit security update
323.1-1.0.1 - Replaced upstream urls in documentation with oracle links Orabug: 36528753 - Drop subscription-manager-cockpit requirement for ol Orabug: 34681110 - Remove duplicate reference to server in cockpit Orabug: 34030494 - Update documentation links Orabug: 30271413, Orabug: 32013095,...
red-design.co.uk Cross Site Scripting vulnerability OBB-3262456
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
User should not be able to use more votes than he has at the moment of voting
Lines of code Vulnerability details Impact In castVoteInternal function user can vote. And the votes that he has are calculated using the checkpoint when the proposal was created. This is not correct for a few reasons. 1. Suppose in time t1 the proposal was created and in that time user1 had 2 tokens...
Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers
Researchers warn Bluetooth signals can be used to track device owners via a unique fingerprinting of the radio signal. The technique was described in a paper presented at the IEEE Security and Privacy conference last month by researchers at the University of California San Diego. The paper suggests...
OPENSUSE-SU-2021:1603-1 Security update for netdata
This update for netdata fixes the following issues: Update to 1.31.0 go.d.plugin 0.29.0 The v1.31.0 release of Netdata comes with re-packaged and redesigned elements of the dashboard to help you focus on your metrics, even more Linux kernel insights via eBPF, on-node machine learning to help you...
Security update for netdata (moderate)
openSUSE Security Update: Security update for netdata Announcement ID: openSUSE-SU-2021:1603-1 Rating: moderate References: 1139094 1139095 1139098 Cross-References: CVE-2018-18836 CVE-2018-18837 CVE-2018-18838 CVE-2018-18839 CVSS scores: CVE-2018-18836 NVD : 6.5...
User created baskets are owned by defaultController
Handle 0x0x0x Vulnerability details User created baskets are owned by defaultController and help from the defaultController is needed to use any functionality or setup the basket. In test simply one account is used, but when a user wants to create a basket, they can’t control it properly...
Security update for teeworlds (moderate)
openSUSE Security Update: Security update for teeworlds Announcement ID: openSUSE-SU-2019:1999-1 Rating: moderate References: 1112910 1131729 Cross-References: CVE-2018-18541 CVE-2019-10877 CVE-2019-10878 CVE-2019-10879 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes four...
HackerOne: Total bounties paid amount is disclosed because of redesign of the Program Profiles
Description: On July 2 HackerOne redesigned the Program Profiles. After the new program page design, I noticed that it is disclosing total bounties paid amount. For some program total bounties paid amount was hidden ████. It used to show like $4000 if the bounty was $3990. But after the redesign, i...
Spectre, Google, and the Universal Read Gadget
Spectre, a seemingly never ending menace to processors, is back in the limelight once again thanks to the Universal Read Gadget. First seen at the start of 2018, Spectre emerged alongside Meltdown as a major potential threat to people’s system security. Meltdown and Spectre Meltdown targeted Inte...
Happy 9th Birthday, KrebsOnSecurity!
Hard to believe we've gone another revolution around the Sun: Today marks the 9th anniversary of KrebsOnSecurity.com! This past year featured some 150 blog posts, but as usual the biggest contribution to this site came from the amazing community of readers here who have generously contributed the...
Faraday v3.0 - Collaborative Penetration Test and Vulnerability Management Platform
This new version has made major architectural changes to adapt the software to the new challenges of cybersecurity. It focuses on processing large volumes of data and facilitating user interaction with Faraday in their environment. Faraday just got much faster Architecture changes and a new...
Google Redesigns Gmail – Here's a List of Amazing New Features
Google has finally been rolling out its new massively redesigned Gmail for desktop and mobile to 1.4 billion users worldwide, which might be the most significant single upgrade in Gmail's history. This huge revamped version of the email service now offers plenty of new features such as...
SSL Labs Grading Redesign (Preview 1)
We’re excited to share with you the first preview of our next-generation grading. This is something that’s long overdue but, due to lack of available time, we managed to keep up patching the first-generation grading to keep up with the times. Now, finally, we’re taking the next necessary steps to...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 48.0.2564.92 Platform version: 7647.73.0 for all Chrome OS devices. This build contains a number of bug fixes, security updates, and feature enhancements. Systems will be receiving updates over the next several days. Some highlights of these changes are:...