Cloud Security Alliance News Clipping Site

Tag: arbitrary code execution

  • The Register: ‘Alarming’ bugs lay low in Ubuntu Server utility for 10 years

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/21/qualys_ubuntu_server_vulnerabilities/ Source: The Register Title: ‘Alarming’ bugs lay low in Ubuntu Server utility for 10 years Feedly Summary: Update now: Qualys says vulnerabilities give root and are ‘easily exploitable’ Researchers at Qualys refuse to release exploit code for five bugs in Ubuntu Server’s needrestart utility that allow unprivileged attackers to gain root access…

  • Slashdot: Ubuntu Linux Impacted By Decade-Old ‘needrestart’ Flaw That Gives Root

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/11/21/0057206/ubuntu-linux-impacted-by-decade-old-needrestart-flaw-that-gives-root?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Ubuntu Linux Impacted By Decade-Old ‘needrestart’ Flaw That Gives Root Feedly Summary: AI Summary and Description: Yes Summary: The text details five local privilege escalation vulnerabilities found in the Linux utility “needrestart,” crucial for professionals in security and compliance to recognize, as they highlight significant risks associated with resource…

  • The Register: D-Link tells users to trash old VPN routers over bug too dangerous to identify

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/20/dlink_rip_replace_router/ Source: The Register Title: D-Link tells users to trash old VPN routers over bug too dangerous to identify Feedly Summary: Vendor offers 20% discount on new model, but not patches Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a…

  • Hacker News: Abusing Ubuntu 24.04 features for root privilege escalation

    by

    system automation
    in

    Source URL: https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation/ Source: Hacker News Title: Abusing Ubuntu 24.04 features for root privilege escalation Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text presents a detailed case study of a vulnerability exploitation chain discovered in Ubuntu 24.04, demonstrating a privilege escalation from a default user to root through the improper handling of…

  • Bulletins: Vulnerability Summary for the Week of October 28, 2024

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/bulletins/sb24-309 Source: Bulletins Title: Vulnerability Summary for the Week of October 28, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info acnoo — flutter_api  Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API:…

  • Hacker News: Almost Secure (2011)

    by

    system automation
    in

    Source URL: https://debugmo.de/2011/11/almost-secure/ Source: Hacker News Title: Almost Secure (2011) Feedly Summary: Comments AI Summary and Description: Yes Summary: The text outlines seven classic security vulnerabilities that can affect embedded systems and devices, explaining how each can be exploited. It provides important insights for security professionals, especially those focusing on hardware and software security, by…

  • Hacker News: Fuzzing between the lines in popular barcode software

    by

    system automation
    in

    Source URL: https://blog.trailofbits.com/2024/10/31/fuzzing-between-the-lines-in-popular-barcode-software/ Source: Hacker News Title: Fuzzing between the lines in popular barcode software Feedly Summary: Comments AI Summary and Description: Yes Summary: This text provides an in-depth analysis of fuzz testing applied to the ZBar barcode scanning library, highlighting the discovery of critical security vulnerabilities. The article emphasizes the importance of fuzzing in…

  • Hacker News: Ancient Monkey: Pwning a 17-Year-Old Version of SpiderMonkey

    by

    system automation
    in

    Source URL: https://blog.pspaul.de/posts/ancient-monkey-pwning-a-17-year-old-version-of-spidermonkey/ Source: Hacker News Title: Ancient Monkey: Pwning a 17-Year-Old Version of SpiderMonkey Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a significant vulnerability found in the Zscaler enterprise VPN solution, particularly linked to the pacparser library and its use of an outdated version of the SpiderMonkey JavaScript engine.…

  • Hacker News: A deep dive into Linux’s new mseal syscall

    by

    system automation
    in

    Source URL: https://blog.trailofbits.com/2024/10/25/a-deep-dive-into-linuxs-new-mseal-syscall/ Source: Hacker News Title: A deep dive into Linux’s new mseal syscall Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the introduction of a new syscall called `mseal` in the Linux kernel that implements a memory sealing protection mechanism. It highlights how `mseal` differs from previous memory protection…

  • Hacker News: When Samsung meets MediaTek: the story of a small bug chain [pdf]

    by

    system automation
    in

    Source URL: https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Article-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf Source: Hacker News Title: When Samsung meets MediaTek: the story of a small bug chain [pdf] Feedly Summary: Comments AI Summary and Description: Yes Summary: The text details a significant security vulnerability found in the boot chain of Samsung mobile devices using MediaTek System-on-Chips. The vulnerability, which can allow an attacker with…