| by Arround The Web

XOrg Server and Xwayland Patched Against Multiple Security Vulnerabilities

A new X.Org Security Advisory was published today to warn users about CVE-2023-6816, a heap buffer overflow issue introduced in xorg-server v1.13.0 (released 2012), CVE-2024-0229, an out-of-bounds memory access issue introduced in xorg-server v1.1.1 (r…


Debian Bookworm and Bullseye Users Receive Important Linux Security Updates

The Debian Project kicked off 2024 with two important Linux kernel security updates for its supported Debian GNU/Linux 12 “Bookworm” and Debian GNU/Linux 11 “Bullseye” operating system series, addressing multiple security vulnerabilities.


GNOME Users at risk of RCE Attack

If you’re running GNOME on your Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library.


Almost All VPNs Are Vulnerable to Traffic-Leaking TunnelCrack Attacks

Several vulnerabilities affecting most VPNs can be exploited to read user traffic, steal user information, or even attack user devices.
The post Almost All VPNs Are Vulnerable to Traffic-Leaking TunnelCrack Attacks appeared first on Linux Today.


Owncast, EaseProbe Security Vulnerabilities Revealed

Oxeye has uncovered two critical security vulnerabilities in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967). Learn more here.
The post Owncast, EaseProbe Security Vulnerabilities Revealed appeared first on Linux Today.


Top Security Threats to GraphQL APIs and How to Address Them

While the transition to GraphQL makes sense — it’s more flexible, scalable, and easier for developers to use — attackers are also seeing new opportunities for mischief.


Malware Affects at Least 30 WordPress Plug-Ins: Update Now

At least 30 WordPress plug-ins are being exploited by a pair of Trojans that redirect traffic to infected sites. Users are urged to update now.
The post Malware Affects at Least 30 WordPress Plug-Ins: Update Now appeared first on Linux Today.


Cybercriminals Use Fake Public PoCs to Spread Malware and Steal Data

GitHub proofs of concept (PoCs) for known vulnerabilities could themselves contain malware as often as 10% of the time, security researchers have found. Learn what this means here.


Time-Consuming Remediation: Assessing the Impact of Text4Shell

Text4Shell is one of the latest critical security vulnerabilities that the security community is buzzing about. Learn more in this assessment of Text4Shell.


Apache Commons Text Flaw Not a Repeat of Log4Shell

A freshly fixed flaw (CVE-2022-42889) in the Apache Commons Text library has been getting attention from security researchers these last few days. Learn more here.
The post Apache Commons Text Flaw Not a Repeat of Log4Shell appeared first on Linux Today.


Critical vm2 Sandbox Escape Vulnerability Uncovered

Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Learn more here.
The post Critical vm2 Sandbox Escape Vulnerability Uncovered appeared first on Linux Today.


Log4j Vulnerability Puts Enterprise Data Lakes and AI at Risk

The Apache Log4j vulnerability, known as Log4Shell, is one of the most critical in the history of cybersecurity. Learn how it puts data lakes and AI at risk.
The post Log4j Vulnerability Puts Enterprise Data Lakes and AI at Risk appeared first on Linux Today.


Security Researchers Find Nearly 400,000 Exposed Databases

Databases contain some of the most critical data in enterprises, so vulnerabilities in them are serious issues. Learn what researchers have recently found in exposed databases.


Nimbuspwn Bugs Allow Root Privilege Access on Some Linux Machines

Microsoft has unearthed two security vulnerabilities (CVE-2022-29799, CVE-2022-29800) in the networkd-dispatcher daemon that may be exploited by attackers to gain root on many Linux endpoints, allowing them to deploy backdoors, malware, ransomware, or …


BusyBox Security Analysis Reveals 14 Minor Vulnerabilities

Researchers at Claroty and JFrog have published a security audit of BusyBox, a package widely used in embedded devices that offers a set of standard UNIX utilities in a single executable file. The audit identified 14 vulnerabilities, which have already been fixed in the August release of BusyBox 1.34. Learn more about the discovered vulnerabilities […]

The post BusyBox Security Analysis Reveals 14 Minor Vulnerabilities appeared first on Linux Today.
