Tag

CVE

All articles tagged with #cve

"Windows Systems at Risk: Critical 'BatBadBut' Rust Vulnerability Exposed"

Originally Published 1 year ago — by Cyber Kendra

Source: Cyber Kendra

A critical security vulnerability named "BatBadBut" has been found in the Rust standard library on Windows, allowing attackers to execute arbitrary shell commands by bypassing the escaping mechanism when invoking batch files with the Command API. The vulnerability affects versions before 1.77.2 and has a CVSS score of 10.0. The Rust team has released version 1.77.2 with a fix for the issue, and developers are advised to update to mitigate the risk of potential command injection attacks.

"FileCatalyst Transfer Tool Receives Critical RCE Vulnerability Patch from Fortra"

Originally Published 1 year ago — by The Hacker News

Source: The Hacker News

Fortra has patched a critical remote code execution (RCE) vulnerability, tracked as CVE-2024-25153, in its FileCatalyst file transfer solution, which could allow unauthenticated attackers to upload files outside the intended directory and execute code. The flaw was reported in August 2023 and addressed in FileCatalyst Workflow version 5.1.6 Build 114. Another two security vulnerabilities in FileCatalyst Direct (CVE-2024-25154 and CVE-2024-25155) were also resolved. Users are advised to apply the necessary updates to mitigate potential threats, especially in light of previous exploitation of Fortra's managed file transfer solution by threat actors.

"Juniper Networks Issues Urgent Security Bulletin for Critical Vulnerabilities"

Originally Published 1 year ago — by The Register

Source: The Register

Juniper Networks has disclosed and apologized for previously concealed vulnerabilities, following accusations of bending the rules in assigning CVEs. The company has separately disclosed four vulnerabilities reported by a researcher, each with its own distinct CVE, affecting J-Web in Junos OS SRX Series and EX Series. The US Cybersecurity and Infrastructure Security Agency has issued an alert urging users to review Juniper's bulletin and apply necessary updates. Juniper's patch schedule and process for assigning CVEs have raised questions, prompting the company to review its approach and apologize to customers for the error in communication.

"Critical Junos OS Updates Address High-Severity Vulnerabilities"

Originally Published 1 year ago — by The Hacker News

Source: The Hacker News

Juniper Networks has released urgent out-of-band updates to address high-severity flaws in SRX Series and EX Series, including missing authentication and cross-site scripting vulnerabilities, impacting all versions of Junos OS. The vulnerabilities, discovered by cybersecurity firm watchTowr Labs, could allow threat actors to take control of susceptible systems. Users are advised to apply the updates or implement temporary mitigations, as two previously disclosed vulnerabilities have been actively exploited.

"Google Addresses Critical libwebp Bug Exploited in Attacks with New CVE"

Originally Published 2 years ago — by BleepingComputer

Source: BleepingComputer

Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability that was exploited as a zero-day in attacks. Initially disclosed as a Chrome weakness, the flaw has now been recognized as a critical issue in libwebp with a maximum severity rating. The vulnerability involves a heap buffer overflow in WebP, impacting Google Chrome and other projects using the libwebp library. Promptly addressing the security vulnerability is crucial for ensuring data security across various platforms.