A recent research paper by a team at the University of California, Riverside, shows the existence of previously overlooked side channels in the Linux kernel that can be exploited to attack DNS servers. According to the researchers, the issue with DNS is rooted in its design, which never really took security as a key concern, and that has made it extremely hard to retrofit strong security features into it.
CloudLinux’s security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug, leaving web servers vulnerable to code execution and takeover.
A critical Linux kernel bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other, and could allow remote takeover.
LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source. "Allowing anyone to sign macro-ridden documents themselves, and make them appear as trustworthy, is an excellent way to trick users into running malicious code."
A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file provided as input to the tool to circumvent protections and achieve code execution.