Security Vulnerabilities - Page 4

Discover Security Vulnerabilities News

PostgreSQL and BeyondTrust: High Severity Risk Requires Immediate Patch

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Recent vulnerabilities in BeyondTrust Remote Support (CVE-2024-12356) and PostgreSQL (CVE-2025-1094) are being actively exploited by threat actors and require urgent mitigation by admins using the popular SQL database and BeyondTrust Remote Support solution. Attackers are using this PostgreSQL SQL injection flaw to sneak SQL commands past security checks, then execute remote commands against vulnerable versions of BeyondTrust for access and control over systems running vulnerable versions.

Brittany Day
Feb 27, 2025

OpenSSH: Urgent Warning Regarding MitM and DoS Security Vulnerabilities

Qualys researchers have recently identified two significant vulnerabilities in OpenSSH that put Linux and FreeBSD systems at severe risk. These bugs enable man-in-the-middle (MitM) attacks and denial-of-service (DoS) attacks to compromise secure communications channels.

Brittany Day
Feb 24, 2025

Fedora 6.12 Critical Advisory: Lockdown Mode Default Off, High Risk

System security is of utmost importance for any Linux admin, yet even those who take great measures to safeguard their systems can sometimes be caught off-guard by changes to default settings. A recent vulnerability in Fedora Linux kernel version 6.12, tracked as CVE-2025-1272, has caused considerable alarm as Lockdown Mode was accidentally disabled without warning, though seemingly inconsequential at first glance.

Brittany Day
Feb 21, 2025

CISA: 2024-53104 critical: Linux kernel UVC driver exploit

Recently, the Cybersecurity and Infrastructure Security Agency (CISA) issued a dire warning regarding an out-of-bounds write vulnerability in the Linux kernel tracked as CVE-2024-53104. This issue exists within UVC drivers and has already been targeted in attacks. We admins must understand the nature of this threat, assess risks to our systems, and take adequate precautionary measures to guard against potential exploitation.

Brittany Day
Feb 13, 2025

Red Hat: CVE-2024-36904 critical: kernel remote code execution threat

In a startling revelation, researchers have uncovered a critical vulnerability in the Linux kernel that has remained undetected for seven years, posing a significant threat to the security of Linux systems. This flaw, identified in the core TCP subsystem, results from a race condition in the inet_twsk_hashdance function, which could allow attackers to execute remote code and take over compromised devices.

Brittany Day
Feb 10, 2025

ClamAV Update Required: CVE-2025-20128 Critical DoS Threat

If you're using ClamAV to detect threats on your Linux systems, it's time to patch your installations! Cisco has released crucial security updates to address CVE-2025-20128. PoC code that exposes an exploit through a heap-based buffer overflow in the OLE2 decryption routine could allow remote attackers to trigger denial-of-service (DoS) conditions without authentication.

Brittany Day
Feb 05, 2025

Firefox 134: High-Impact Security Fixes and Usability Upgrades for Linux

As a Linux security admin, staying ahead of the latest updates is crucial for maintaining a secure environment, and the recent release of Firefox 134 brings a host of significant changes you shouldn't miss. This update enhances touchpad support on Linux, making everyday browsing smoother with new gestures like stopping a scroll motion, and also packs several critical security fixes. With Firefox 134, eleven security vulnerabilities have been patched, including three high-impact issues that could otherwise expose your systems to arbitrary code execution risks.

Brittany Day
Feb 04, 2025

Google Chrome 132 Security Advisory: 13 Critical Flaws Impacting Integrity

Google's widely used Chrome web browser is back in the security spotlight, as yet another 13 critical security flaws need to be urgently addressed. Google quickly released Chrome 132 to patch these severe bugs. With vulnerabilities ranging from out-of-bounds memory access to a stack buffer overflow, these issues impact data integrity and the overall security posture of affected systems.

Brittany Day
Jan 22, 2025

Ubuntu: Secure rsync from RCE issues with critical patches

Are you using rsync to synchronize files on your Ubuntu-based Linux systems? If so, several severe remote code execution (RCE) vulnerabilities recently found in the widely used file synchronization utility could put you at risk of full system compromise! Left unpatched, these RCE flaws allow attackers to execute arbitrary code and compromise entire systems.

Brittany Day
Jan 20, 2025

Critical: CVE-2024-7344 affecting UEFI Secure Boot on Linux Systems

A significant security vulnerability, CVE-2024-7344, has recently been identified, posing a serious risk to Linux systems that leverage UEFI Secure Boot. This vulnerability allows attackers to bypass Secure Boot protections, thereby enabling the execution of untrusted code during the boot process. This kind of exploit can lead to the deployment of malicious UEFI bootkits, which are notoriously difficult to detect and can provide persistent and powerful control over affected systems.

Brittany Day
Jan 16, 2025

Chrome 131: Urgent Advisory from CERT-In on Remote Exploit Risk

India's Computer Emergency Response Team (CERT-In) recently issued a high-risk advisory warning about Google Chrome vulnerabilities in versions prior to 131.0.6778.204 for Linux that could allow remote hackers to gain unauthorized access to impacted systems. As a Linux security admin, staying ahead of any threats that might compromise your systems is paramount.

Brittany Day
Jan 08, 2025

OpenSSH regreSSHion Bug: Urgent Actions Needed to Address Critical Threat

The infamous OpenSSH "regreSSHion" vulnerability, CVE-2024-6387, sent shockwaves through the Linux security community when it was discovered this past summer. This critical flaw threatens a core component of Linux system security: OpenSSH.

Brittany Day
Jan 08, 2025

New Python Vuln Exposes Linux Systems to Memory Exhaustion Risks

Attention Linux administrators and Python developers! A crucial security alert regarding a high-severity vulnerability, CVE-2024-12254, has just been issued, affecting systems running Python versions 3.12.0 or later. This issue could potentially lead to memory exhaustion that could cripple applications or cause system crashes if left unaddressed.

Brittany Day
Dec 19, 2024

Linux: CVE-2024-47177 critical issue in CUPS remote execution threat

Linux powers the world, from servers to IoT devices, but its open-source foundation isn’t without risks. Attackers often exploit vulnerabilities in components like the Common Unix Printing System (CUPS) to execute remote commands, inject malware, and infiltrate networks.

MaK Ulac
Dec 17, 2024

Understanding and Mitigating CVE-2024-42070: A Critical Vulnerability in Linux Kernel’s nftables

A type confusion vulnerability within the Linux Kernel's nftables subsystem - CVE-2024-42070 - was recently discovered, requiring urgent mitigation through kernel patches released by the community. Nftables is a robust framework integrated into the Linux kernel designed to facilitate packet filtering and firewall management, but vulnerabilities in this component raise concerns about a broader trend of Linux firewall vulnerabilities and their impact on affected systems.

Brittany Day
Dec 09, 2024

GStreamer 1.24.10 Released: Essential Security Fixes for a Safer Multimedia Experience

GStreamer is an extensive multimedia framework used by many popular Linux distributions, handling video, audio, and other media files for various applications and services. Adopted commercially and in open-source environments, GStreamer is a backbone for media playback, streaming, and complex processing pipelines.

Brittany Day
Dec 09, 2024

Chrome 131: Emergency Update for High-Risk Vulnerabilities in Linux

Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security vulnerabilities. Chrome version 131 is now available in stable channels for Windows, Mac, Linux, and Android, and users should update promptly so their systems remain secure.

Brittany Day
Dec 04, 2024

Ubuntu Server Vulnerabilities in Needrestart Result in Root Exploits

Researchers from Qualys recently revealed critical vulnerabilities that have existed in the Linux utility needrestart utility for a decade. This tool is an indispensable resource for administrators as it monitors whether systems or services need restarting after package updates.

Brittany Day
Nov 26, 2024

7-Zip 24.07 Update: Critical Security Flaw - Code Execution Threat

Compression utilities like 7-Zip have become essential tools for managing and storing data efficiently. Renowned for its high compression ratio and versatility, 7-Zip has earned millions of fans, from individual consumers to IT professionals around the globe. However, even trusted software can contain vulnerabilities. Recently, a security flaw was discovered within 7-Zip that may allow remote attackers to execute code through specially crafted archives containing malicious codes.

Brittany Day
Nov 25, 2024

Google's OSS-Fuzz Initiative: Critical OpenSSL Flaws and AI Role

Google has long been at the forefront of innovation in cybersecurity, yet security vulnerabilities in its widely used products like Chrome browser and Gmail are frequently uncovered. While Google faces widespread criticism over security flaws in these popular products, its defensive security research efforts cannot be ignored. Google recently confirmed critical security flaws through AI by their OSS-Fuzz team, demonstrating their dedication to protecting digital infrastructure.

Brittany Day
Nov 22, 2024

Community Poll

More Polls