Debian Archives - Help Net Security

Debian

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

September 27, 2023

UPDATE (September 28, 2023, 03:15 a.m. ET): The CVE-2023-5129 ID has been either rejected or withdrawn by the CVE Numbering Authority (Google), since it’s a duplicate of …

Downfall attacks can gather passwords, encryption keys from Intel processors

August 9, 2023

A variety of Intel Core processors and the devices using them are vulnerable to “Downfall”, a new class of attacks made possible by CVE-2022-40982, which enables …

Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)

April 27, 2022

Microsoft has unearthed two security vulnerabilities (CVE-2022-29799, CVE-2022-29800) in the networkd-dispatcher daemon that may be exploited by attackers to gain root on many …

Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)

March 8, 2022

An easily exploitable vulnerability (CVE-2022-0847) in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking …

PolKit vulnerability can give attackers root on many Linux distros (CVE-2021-4034)

January 26, 2022

A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by …

Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909)

July 20, 2021

A vulnerability (CVE-2021-33909) in the Linux kernel’s filesystem layer that may allow local, unprivileged attackers to gain root privileges on a vulnerable host has been …

RemotePC adds new features for Linux remote access

May 14, 2021

RemotePC has updated their remote access for Linux offering with new features: Linux Remote Sound – enables users to listen to audio files from the remote machine on …

Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156)

January 27, 2021

A vulnerability (CVE-2021-3156) in sudo, a powerful and near-ubiquitous open-source utility used on major Linux and Unix-like operating systems, could allow any unprivileged …

Bug in widely used bootloader opens Windows, Linux devices to persistent compromise

July 30, 2020

A vulnerability (CVE-2020-10713) in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise, Eclypsium researchers have …

Microsoft releases Defender ATP for Android and Linux

June 24, 2020

Microsoft has added support for Linux and Android to Microsoft Defender ATP, its unified enterprise endpoint security platform. Microsoft Defender Advanced Threat Protection …

Vulnerability in Qmail mail transport agent allows RCE

May 20, 2020

Qualys researchers have found a way to exploit an previously known (and very old) vulnerability in Qmail, a secure mail transport agent, to achieve both remote code execution …

PPP Daemon flaw opens Linux distros, networking devices to takeover attacks

March 10, 2020

A vulnerability (CVE-2020-8597) in the Point-to-Point Protocol Daemon (pppd) software, which comes installed on many Linux-based and Unix-like operating systems and networking …

Debian

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

Downfall attacks can gather passwords, encryption keys from Intel processors

Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)

Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)

PolKit vulnerability can give attackers root on many Linux distros (CVE-2021-4034)

Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909)

RemotePC adds new features for Linux remote access

Sudo vulnerability allows attackers to gain root privileges on Linux systems (CVE-2021-3156)

Bug in widely used bootloader opens Windows, Linux devices to persistent compromise

Microsoft releases Defender ATP for Android and Linux

Vulnerability in Qmail mail transport agent allows RCE

PPP Daemon flaw opens Linux distros, networking devices to takeover attacks

Don't miss

Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211)

Evolving conversations: Cybersecurity as a business risk

CISO’s compass: Mastering tech, inspiring teams, and confronting risk

GenAI in software surges despite risks

Chalk: Open-source software security and infrastructure visibility tool