Tag

Software Security Vulnerability

All articles tagged with #software security vulnerability

"Urgent Fix Released for Critical Rust Vulnerability Exposing Windows Systems to Command Injection Attacks"
software-security-vulnerability, 1 year ago

A critical vulnerability in the Rust standard library, known as BatBadBut and tracked as CVE-2024-24576, exposes Windows systems to command injection attacks when batch files are invoked with untrusted arguments. The flaw impacts all versions of Rust before 1.77.2 and has a maximum severity score. Security researcher RyotaK discovered and reported the bug, advising caution when executing commands on Windows and recommending moving batch files to a directory not included in the PATH environment variable to prevent unexpected execution.

"Urgent VMware Security Patches Fix Critical Flaws Across ESXi, Workstation, and Fusion"
software-security-vulnerability, 2 years ago

VMware has issued security patches to fix four flaws affecting ESXi, Workstation, and Fusion, including two critical vulnerabilities that could result in code execution. The flaws, tracked as CVE-2024-22252 and CVE-2024-22253, are use-after-free bugs in the XHCI USB controller. Two other vulnerabilities, CVE-2024-22254 and CVE-2024-22255, have also been patched. VMware has provided versions addressing these issues and recommended a temporary workaround until the patches can be deployed.

"Beware: Ubuntu 'command-not-found' Tool Vulnerable to Rogue Package Installation"
software-security-vulnerability, 2 years ago

Cybersecurity researchers have discovered a potential exploit in the Ubuntu operating system's 'command-not-found' utility, which could allow threat actors to manipulate the utility into recommending their own malicious packages, potentially leading to software supply chain attacks. The exploit involves the utility suggesting rogue packages from the snap repository, as well as impersonating legitimate APT packages and leveraging typosquatting. Users are advised to verify package sources before installation, while developers have been urged to register the snap names associated with their commands to prevent misuse.