Read Time:10 Second
FEDORA-2023-862bb40df5
Packages in this update:
mlpack-4.2.1-5.fc39
Update description:
Use RPM macros for python and cmake build directory
Ensure stb_image contains the latest CVE patches
Monthly Archives: October 2023
mlpack-4.2.1-5.fc38
Read Time:10 Second
FEDORA-2023-23c0bd9a45
Packages in this update:
mlpack-4.2.1-5.fc38
Update description:
Use RPM macros for python and cmake build directory
Ensure stb_image contains the latest CVE patches
mlpack-4.2.1-5.fc37
Read Time:10 Second
FEDORA-2023-dde357b985
Packages in this update:
mlpack-4.2.1-5.fc37
Update description:
Use RPM macros for python and cmake build directory
Ensure stb_image contains the latest CVE patches
mlpack-4.2.1-5.el9
Read Time:10 Second
FEDORA-EPEL-2023-44e123cf66
Packages in this update:
mlpack-4.2.1-5.el9
Update description:
Use RPM macros for python and cmake build directory
Ensure stb_image contains the latest CVE patches
CVE-2020-36767
Read Time:6 Second
tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.
CVE-2021-39810 (android)
Read Time:13 Second
In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Lazarus Group Malware Targets Legitimate Software
Report Links ChatGPT to 1265% Rise in Phishing Emails
Read Time:4 Second
The SlashNext report also found a noteworthy 967% increase in credential phishing attacks
USN-6454-2: Linux kernel vulnerabilities
Read Time:56 Second
Kyle Zeng discovered that the netfilter subsystem in the Linux kernel
contained a race condition in IP set operations in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-42756)
Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of- bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-4881)
It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)
Kevin Rich discovered that the netfilter subsystem in the Linux kernel did
not properly handle removal of rules from chain bindings in certain
circumstances, leading to a use-after-free vulnerability. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2023-5197)
USN-6441-3: Linux kernel vulnerabilities
Read Time:2 Minute, 10 Second
Ross Lagerwall discovered that the Xen netback backend driver in the Linux
kernel did not properly handle certain unusual packets from a
paravirtualized network frontend, leading to a buffer overflow. An attacker
in a guest VM could use this to cause a denial of service (host system
crash) or possibly execute arbitrary code. (CVE-2023-34319)
Kyle Zeng discovered that the networking stack implementation in the Linux
kernel did not properly validate skb object size in certain conditions. An
attacker could use this cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-42752)
Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did
not properly calculate array offsets, leading to a out-of-bounds write
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-42753)
Kyle Zeng discovered that the IPv4 Resource Reservation Protocol (RSVP)
classifier implementation in the Linux kernel contained an out-of-bounds
read vulnerability. A local attacker could use this to cause a denial of
service (system crash). Please note that kernel packet classifier support
for RSVP has been removed to resolve this vulnerability. (CVE-2023-42755)
Kyle Zeng discovered that the netfilter subsystem in the Linux kernel
contained a race condition in IP set operations in certain situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-42756)
Bing-Jhong Billy Jheng discovered that the Unix domain socket
implementation in the Linux kernel contained a race condition in certain
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4622)
Budimir Markovic discovered that the qdisc implementation in the Linux
kernel did not properly validate inner classes, leading to a use-after-free
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-4623)
Alex Birnberg discovered that the netfilter subsystem in the Linux kernel
did not properly validate register length, leading to an out-of- bounds
write vulnerability. A local attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-4881)
It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use after free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)