Security Vulnerabilities

Discover Security Vulnerabilities News

Joomla XSS Bug Puts Millions of Websites at Risk of RCE

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A critical security vulnerability has been found in the popular Joomla open-source content management system that has left millions of websites open to the risk of remote code execution (RCE) due to multiple cross-site scripting (XSS) bugs. The vulnerability is linked to a fundamental flaw in Joomla's core filter component and is tracked as CVE-2024-21726.

XOrg Server and Xwayland Vulnerable to Multiple Exploits - Patch Now!

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Multiple security vulnerabilities have recently been discovered in the XOrg Server prior to 21.1.11, and Xwayland display implementations prior to 23.2.4. These vulnerabilities could potentially result in heap overflows, out-of-bounds writes, and local privilege escalation, potentially enabling attackers to view additional infrastructure to attack, add or delete users, or modify permissions of files or other users.

New Linux Kernel Security Flaw Leads to Information Disclosure

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Imagine your most sensitive and critical information being made accessible to threat actors without your permission or knowledge. This is exactly what a new information disclosure flaw discovered in the Linux kernel up to 5.17 could result in. As a Linux admin, staying up-to-date on vulnerabilities like this one is crucial to keeping your critical systems and confidential data secure. To help you understand and protect against this kernel bug, we'll explore its implications for security practitioners and the long-term consequences it may bring. We'll also explain how to secure your systems against this dangerous kernel flaw.

Critical Glibc Flaws Put Major Linux Distros at Risk

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Four significant vulnerabilities have been discovered in the GNU C Library (glibc), a fundamental component of most Linux distributions. These vulnerabilities pose a significant risk to millions of Linux systems, as they can allow attackers to gain full root access and execute remote code on affected systems.

Hackers' Backdoor: Warning of New Linux Kernel Vulnerability

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Vulnerabilities in the Linux kernel are an unfortunate reality of open-source software, as no code is ever perfect. While the open-source community overall does an excellent job finding and patching bugs, zero days will occasionally slip through. Recently, security researchers discovered yet another local privilege escalation vulnerability that impacts all versions of the Linux kernel.

Zero-Click Bluetooth Attacks Pose Serious Threat Across Major OSes

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Vulnerabilities have been discovered in Bluetooth technology that affect various operating systems. As Linux admins, infosec professionals, Internet security enthusiasts, and sysadmins, it is crucial to understand the implications of these vulnerabilities and the impact they may have on our work. Let's have a closer look at these flaws, how they work, their impact on Linux users, and how to mitigate your risk. 

Debian and Ubuntu Fix More OpenSSH Vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In the wake of the infamous “Terrapin vulnerability,” which allows a man-in-the-middle (MITM) attacker to access impacted users’ sensitive information in transit, Debian and Ubuntu have released security updates addressing five OpenSSH flaws. Let's explore the intricacies of these vulnerabilities, how they work, and recommended measures to fortify your OpenSSH environment.

SSH Under Siege: Decoding the Terrapin Attack

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Researchers recently uncovered a sophisticated attack dubbed Terrapin that takes advantage of a weakness in the SSH protocol to gain access to servers. The attack targets a specific implementation issue in OpenSSH 7.2 through 8.8 that allows remote code execution. By sending carefully crafted data, attackers can overflow the stack buffer and execute commands, leading to complete server compromise.

Ansible Vulnerability Opens Door to Sensitive Data Leaks

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Ansible is a widely used open-source configuration management and automation tool popular among Linux system administrators. A vulnerability recently disclosed in Ansible could allow attackers to access sensitive information on servers Ansible manages. This is a serious issue that Linux admins and IT teams need to take action on.

Remotely Exploitable HAProxy Vuln Threatens Sensitive Data

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

It was discovered that the HAProxy load balancing reverse proxy incorrectly handled URI components containing the hash character (CVE-2023-45539). This vulnerability is very straightforward for a remote attacker to exploit and severely threatens impacted users’ sensitive information, making it among the worst bugs we’ve seen in a while!

Widespread Xorg DoS, Privilege Escalation Vulns Fixed

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Several vulnerabilities have been found in the widely used Xorg X server, the most severe being an out-of-bounds write flaw due to an incorrect calculation of a buffer offset (CVE-2023-5367). Due to how easy this vulnerability is to exploit and its significant threat to the confidentiality, integrity, and availability of impacted systems, this bug has received a National Vulnerability Database base score of 7.8 out of 10 (“High” severity).

Severe Chromium DoS, Info Disclosure Vulns Fixed

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A severe, remotely exploitable Type Confusion vulnerability has been found in Chromium (CVE-2023-5346). Due to its significant threat to the confidentiality, integrity, and availability of impacted systems, this bug has received a National Vulnerability Database base score of 8.8 out of 10 (“High” severity).

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo