USN-6700-1: Linux kernel vulnerabilities

It was discovered that the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel contained a race condition when releasing PPPoL2TP sockets in certain conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20567) It was discovered that

[ Read More ]

USN-6701-1: Linux kernel vulnerabilities

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly

[ Read More ]

USN-6699-1: Linux kernel vulnerabilities

Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service (guest crash). (CVE-2023-30456) It was discovered that the Quick Fair Queueing scheduler implementation in the

[ Read More ]

USN-6697-1: Bash vulnerability

It was discovered that Bash incorrectly handled certain memory operations when processing commands. If a user or automated system were tricked into running a specially crafted bash file, a remote attacker could use this issue to cause Bash to crash, resulting in a denial of service, or possibly execute arbitrary code.

[ Read More ]

USN-6696-1: OpenJDK 8 vulnerabilities

Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20918) It was discovered that the Hotspot component of OpenJDK 8 did not properly verify bytecode

[ Read More ]

What is .htaccess Malware? (Detection, Symptoms & Prevention)

The .htaccess file is notorious for being targeted by attackers. Whether it’s using the file to hide malware, redirect search engines to other sites with black hat SEO tactics, or inject content — the range of possibilities for misuse is vast, making it a prime target for hackers. .htaccess malware can be hard to pinpoint

[ Read More ]

VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions

Overview A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v1 are likely affected. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code

[ Read More ]

USN-6695-1: TeX Live vulnerabilities

It was discovered that TeX Live incorrectly handled certain memory operations in the embedded axodraw2 tool. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2019-18604) It was discovered that TeX Live allowed documents to make arbitrary network

[ Read More ]

USN-6694-1: Expat vulnerabilities

It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-52425, CVE-2024-28757)

[ Read More ]