ZDI-24-438: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability...
ZDI-24-439: Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that...
glib2-2.78.6-1.fc39 gnome-shell-45.6-2.fc39
FEDORA-2024-fd2569c4e9 Packages in this update: glib2-2.78.6-1.fc39 gnome-shell-45.6-2.fc39 Update description: Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update...
glib2-2.80.2-1.fc40 gnome-shell-46.1-2.fc40
FEDORA-2024-635a54eb7e Packages in this update: glib2-2.80.2-1.fc40 gnome-shell-46.1-2.fc40 Update description: Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update...
DSA-5686-1 dav1d – security update
Nick Galloway discovered an integer overflow in dav1d, a fast and small AV1 video stream decoder which could result in memory corruption. https://security-tracker.debian.org/tracker/DSA-5686-1 Read More
DSA-5684-1 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-42843 Kacper Kwapisz discovered that visiting a malicious website may lead to address bar...
DSA-5682-2 glib2.0 – regression update
The update for glib2.0 released as DSA 5682-1 caused a regression in ibus affecting text entry with non-trivial input methods. Updated glib2.0 packages are available...
Smashing Security podcast #371: Unmasking LockBitsupp, company extortion, and a Tinder fraudster
The kingpin of the LockBit ransomware is named and sanctioned, a cybersecurity consultant is charged with a $1.5 million extortion, and a romance fraudster defrauded...
#RSAC: Three Strategies to Boost Open-Source Security
Experts at the RSA Conference discussed how governments, the open-source community and end users can work together to drastically improve the security of open-source software...
From Spam to AsyncRAT: Tracking the Surge in Non-PE Cyber Threats
Authored by Yashvi Shah and Preksha Saxena AsyncRAT, also known as “Asynchronous Remote Access Trojan,” represents a highly sophisticated malware variant meticulously crafted to breach...