11 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: stmmac: Enable all safety features by default In the original implementation of dwmac5, the commit 8bf993a5877e states that “net: stmmac: Add support for DWMAC5 and implement Safety Features”. All safety features were...
Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked
Assessment The missing pickle entrypoints pickle.loads, pickle.loads, and pickle.load were added to the hook https://github.com/trailofbits/fickling/commit/8c24c6edabceab156cfd41f4d70b650e1cdad1f7. Original report Summary fickling.alwayschecksafety does not hook all pickle entry points...
Linux Distros Unpatched Vulnerability : CVE-2025-38665
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: netlink: canchangelink: fix NULL pointer deref of struct canpriv::dosetmode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from...
SUSE CVE-2023-53011
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: enable all safety features by default In the original implementation of dwmac5 commit 8bf993a5877e "net: stmmac: Add support for DWMAC5 and implement Safety Features" all safety features were enabled by default. Late...
DEBIAN-CVE-2023-53011
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: enable all safety features by default In the original implementation of dwmac5 commit 8bf993a5877e "net: stmmac: Add support for DWMAC5 and implement Safety Features" all safety features were enabled by default. Late...
Android happy to check your nudes before you forward them
Sometimes the updates we install to keep our devices safe do a little bit more than we might suspect at first glance. Take the October 2024 Android Security Bulletin. It included a new service called Android System SafetyCore. If you can find a mention of that in the security bulletin, you’re a...
exchangeRateDeltaLimit can be exceeded with overrideExchangeRate() and remain unpaused
Lines of code Vulnerability details Impact The CashManger has a safety feature that limits the maximum change in the exchange rate between epochs. in setMintExchangeRate it is checked that this limit is not exceeded but there is no check in overrideExchangeRate. Proof of Concept An epoch could ha...
Google takes on Docs notification spammers
Cloud-based document suites have always been a hot target for scammers. When it’s easy to dip in and out for collaboration purposes, or just share things generally, then its likely that bad people will want in on the action. In 2019, Google calendar users were wading through endless spam...
Microsoft Office: Mime Sniffing Safety Feature
This test checks the setting for policy OpenVAS Vulnerability Test $Id: officemimesniffingsafety.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Mime Sniffing Safety Feature Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is...
Network traffic encryption enabled within job when no rule has been set and the Veeam server has a Public IP
Challenge During the processing of a VM by Veeam Backup & Replication on a server with a Public IP, the notification stating "Network traffic will be encrypted" is shown even though no rule is in place within the network traffic rules. Cause By default Veeam Backup & Replication enables encryptio...
Double-clicking a link can run a program from the Internet – Opera Security Advisories
Double-clicking a link can run a program from the Internet – Opera Security Advisories OPCOM Team | December 19, 2005 Summary If a user double-clicks a Web link leading to a program,that program can be run. The second click may go intothe “Open” button of the file download dialog. Severity:...