ZDI-23-442: Linux Kernel netdevsim Improper Update of Reference Count Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Linux Kernel. An attacker must first obtain the ability to execute...
USN-6015-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could...
DSA-5387 openvswitch – security update
David Marchard discovered that Open vSwitch, a software-based Ethernet virtual switch, is suspectible to denial of service via malformed IP packets. Read More
DSA-5388 haproxy – security update
It was reported that HAProxy, a fast and reliable load balancing reverse proxy, does not properly initialize connection buffers when encoding the FCGI_BEGIN_REQUEST record. A...
Smashing Security podcast #317: Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?
Everyone's talking juice-jacking - but has anyone ever been juice-jacked? Uber suffers yet another data breach, but it hasn't been hacked. And Carole hosts the...
Goldoson: Privacy-invasive and Clicker Android Adware found in popular apps in South Korea
Authored by SangRyol Ryu McAfee’s Mobile Research Team discovered a software library we’ve named Goldoson, which collects lists of applications installed, and a history of...
USN-6014-1: Linux kernel vulnerabilities
Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID...
Why you should patch the Windows QueueJumper vulnerability immediately
Microsoft patched over 100 vulnerabilities this week in its products, including a zero-day privilege escalation flaw used in the wild by a ransomware gang. However,...
dr_libs-0^20230324git4b3d078-0.1.fc37
FEDORA-2023-c21ec99091 Packages in this update: dr_libs-0^20230324git4b3d078-0.1.fc37 Update description: Update to 4b3d078 (dr_wav 0.13.8): fix a possible null-pointer dereference and a crash when loading files with...
Google launches dependency API and curated package repository with security metadata
This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across...