USN-6108-1: Jhead vulnerabilities

Read Time:20 Second

It was discovered that Jhead did not properly handle certain crafted images
while rotating them. An attacker could possibly use this issue to crash Jhead,
resulting in a denial of service. (CVE-2021-34055)

Kyle Brown discovered that Jhead did not properly handle certain crafted
images while regenerating the Exif thumbnail. An attacker could possibly use
this issue to execute arbitrary commands. (CVE-2022-41751)

[IWCC 2025] CfP: 14th International Workshop on Cyber Crime – Ghent, Belgium, Aug 11-14, 2025

Posted by Artur Janicki via Fulldisclosure on Apr 26 [APOLOGIES FOR CROSS-POSTING] CALL FOR PAPERS 14th International Workshop on Cyber...

April 27, 2025

Inedo ProGet Insecure Reflection and CSRF Vulnerabilities

Posted by Daniel Owens via Fulldisclosure on Apr 26 Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of...

April 27, 2025

Ruby on Rails Cross-Site Request Forgery

Posted by Daniel Owens via Fulldisclosure on Apr 26 Good morning. All current versions and all versions since the 2022/2023...

April 27, 2025

Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025)

Posted by hyp3rlinx on Apr 26 [-] Microsoft ".library-ms" File / NTLM Information Disclosure Spoofing (Resurrected 2025) / CVE-2025-24054 [+]...

April 27, 2025

kappanhang-0-0.3.20250427gitdffb773.fc41

FEDORA-2025-eecb0ea534 Packages in this update: kappanhang-0-0.3.20250427gitdffb773.fc41 Update description: Update to git snapshot dffb773 Read More

April 27, 2025

DSA-5907-1 linux – security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or...

April 27, 2025

Friday Squid Blogging: Squid Facts on Your Phone

Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes

SAP Fixes Critical Vulnerability After Evidence of Exploitation

M&S Shuts Down Online Orders Amid Ongoing Cyber Incident

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

Cryptocurrency Thefts Get Physical

US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures

Popular LLMs Found to Produce Vulnerable Code by Default

Hackers access sensitive SIM card data at South Korea’s largest telecoms company

USN-6108-1: Jhead vulnerabilities

[IWCC 2025] CfP: 14th International Workshop on Cyber Crime – Ghent, Belgium, Aug 11-14, 2025

Inedo ProGet Insecure Reflection and CSRF Vulnerabilities

Ruby on Rails Cross-Site Request Forgery

Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025)

kappanhang-0-0.3.20250427gitdffb773.fc41

DSA-5907-1 linux – security update