Microsoft discovered several vulnerabilities affecting Linux desktop computers. The vulnerabilities, collectively dubbed Nimbuspwn, can be chained together to achieve elevation of privileges and subsequently execute various malicious payloads, such as a root backdoor, via remote arbitrary root code execution. Identified…
A new dangerous Linux vulnerability is lurking in unpatched distributions. Called Dirty Pipe and tracked as CVE-2022-0847, the vulnerability is located in the kernel (since version 5.8), creating the possibility for threat actors to overwrite arbitrary data into any read-online…
A new high-severity Linux kernel vulnerability could have been abused to escape a container in order to execute arbitrary commands on the host. The vulnerability is tracked as CVE-2022-0492, and has been detailed by Palo Alto Unit 42 Networks researchers.…
CVE-2021-4034 PolKit Vulnerability CVE-2021-4034 is a new vulnerability detected in PolKit, a component for controlling system-wide privileges in Unix-like operating systems. The vulnerability was discovered in Polkit’s pkexec, a SUID-root program installed by default on every major Linux distribution. The…
CVE-2021-43267 is a newly disclosed security vulnerability in the Linux Kernel’s Transparent Inter Process Communication (TIPC). The flaw can be exploited both locally and remotely, allowing for arbitrary code execution within the kernel. The result of this would be taking…
Researchers from Positive Security discovered an unpatched stored cross-site-scripting (XSS) flaw impacting Linux marketplaces. The vulnerability creates the possibility of unchecked, wormable supply-chain attacks. Affected are Pling-based marketplaces, such as AppImage Hub, Gnome-Look, KDE Discover App Store, Pling.com, and XFCE-Look.…
CVE-2020-28588 is an information disclosure vulnerability in the Linux kernel that could allow KASLR bypass, also causing the discovery of more unpatched flaws in ARM devices. CVE-2020-28588 Vulnerability According to Cisco Talos researchers who discovered the issue, the vulnerability exists…
BootHole is a new vulnerability in the GRUB2 bootloader used by most Linux distributions. The vulnerability, CVE-2020-10713, can be exploited for arbitrary code execution during the boot process, even with Secure Boot enabled. If exploited successfully, the vulnerability could give…
A 17-year-old remote code execution bug that impacts the PPP daemon software (pppd) in nearly all Linux operating systems was just reported. The PPP daemon comes installed on a wide range of Linux distros, and it also powers the firmware…
CVE-2019-14287 is a new vulnerability discovered in Sudo. Sudo is considered one of the most important and widely used programs for Unix- and Linux-based operating systems that allows a permitted user to execute a command as the superuser or another…
A number of Linux and FreeBSD servers and systems are vulnerable to a denial of service vulnerability dubbed SACK Panic, as well as other forms of attacks. Four security vulnerabilities affecting a range of Linux and FreeBSD servers were unearthed…
Another Linux vulnerability has been discovered impacting Snapd, the package installed by default in Ubuntu and used in other distros like Debian, OpenSUSE, Arch Linux, Fedora and Solus. The vulnerability could enable a local attacker to obtain administrator privileges. This…
CVE-2019-5736 is yet another Linux vulnerability discovered in the core runC container code. The runC tool is described as a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. CVE-2019-5736 Technical Details The security flaw potentially…
Canonical recently published a major Linux kernel security update for the Ubuntu 18.04 LTS (Bionic Beaver) operating system series. The update addresses eleven security flaws which were discovered by independent security researchers. In other words, the 4.15.0-44.47 kernel contains 11…
Three vulnerabilities in a component of system have been discovered by researchers at Qualys. The vulnerabilities are CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866, and patches addressing them are already available. More specifically, they were were discovered in systemd-journald, which is a part…
A new security report reveals that a dangerous new Linux Trojan has been found to infect computers worldwide. It is categorized as a hybrid threat as it encompasses attack scenarios of several types of infections. The attacks are found to…
Linux and BSD systems face a critical risk as a Xorg vulnerability has been found. This is the main display server which is used to provide the graphics engine. The issue is tracked in the CVE-2018-14665 advisory and is related…
A new serious problem has been discovered to affect the Linux operating system, the bug is known as the Linux Mutagen Astronomy vulnerability and assigned the CVE-2018-14634 advisory. The security team that reported it has posted a proof-of-concept code that…
Following last year’s disclosure of the BlueBorne vulnerability security experts note that about 2 billion Bluetooth devices are still affected by it. BlueBorne is a collection of bugs that allow the hackers to intrude into them. Many of these devices…
A vulnerability has been identified in the Linux Kernel (version 4.9+) which is tracked in the CVE-2018-5390 advisory. It lists several conditions that allow criminals to modify packets leading to the coordination of DoS (Denial of service) attacks. CVE-2018-5390 Advisory…
