FEDORA-EPEL-2022-667d59a6db
Packages in this update:
suricata-5.0.9-1.el8
Update description:
Various security, performance, accuracy and stability issues have been fixed.
suricata-6.0.5-1.fc34
Various security, performance, accuracy and stability issues have been fixed.
suricata-6.0.5-1.el9
Various security, performance, accuracy and stability issues have been fixed.
A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..’.
Insufficient script validation of the admin page enables XSS, which allows unauthorized users to steal admin privileges. When a file is uploaded in a specific menu, verification of the file is insufficient, which allows remote attackers to upload arbitrary files disguised as image files.
British Army online recruitment system down since March following data breach
Botnet’s operators spotted spring cleaning its delivery tactics, techniques and procedures
Virtual private network (VPN) provider PureVPN has introduced a quantum-resistant feature to its OpenVPN protocol to provide users with more security and privacy for the post-quantum world. The firm has partnered with Quantinuum to deploy quantum-resistant encryption keys which, using its Quantum Origin platform, are generated via a verified quantum process, PureVPN said. The news comes as the security sector prepares for threats posed by the post-quantum encryption era.
It was discovered that Libcroco was incorrectly accessing data structures when
reading bytes from memory, which could cause a heap buffer overflow. An attacker
could possibly use this issue to cause a denial of service. (CVE-2017-7960)
It was discovered that Libcroco was incorrectly handling invalid UTF-8 values
when processing CSS files. An attacker could possibly use this issue to cause
a denial of service. (CVE-2017-8834, CVE-2017-8871)
It was discovered that Libcroco was incorrectly implementing recursion in one
of its parsing functions, which could cause an infinite recursion loop and a
stack overflow due to stack consumption. An attacker could possibly use this
issue to cause a denial of service. (CVE-2020-12825)