Hacker News with Generative AI: Vulnerabilities

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root (bleepingcomputer.com)
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04.
A new vulnerability on IPv6 parsing in linux (nist.gov)
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address
D-Link won't fix critical flaw affecting 60k older NAS devices (bleepingcomputer.com)
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit.
Google sees 68% drop in Android memory safety flaws over 5 years (bleepingcomputer.com)
The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in 2024, representing a massive decrease of over 68% in five years.
Multiple new macOS sandbox escape vulnerabilities (jhftss.github.io)
In the macOS system, most processes are running in a restricted sandbox environment, whether they are Apple’s own services or third-party applications. Consequently, once an attacker gains Remote Code Execution (RCE) from these processes, their capabilities are constrained. The next step for the attacker is to circumvent the sandbox to gain enhanced execution capabilities and broader file access permissions.
Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (theregister.com)
Cisco is issuing a critical alert notice about a flaw that makes its so-called Ultra-Reliable Wireless Backhaul systems easy to subvert.
Almost Secure (2011) (debugmo.de)
Vulnerabilities are like good ideas - you’re rarely the first one dealing with it. Some vulnerabilities are almost classic, so I’ll proudly present: 7 old but surprisingly useful bugs that might also affect YOUR device.
Ancient Monkey: Pwning a 17-Year-Old Version of SpiderMonkey (pspaul.de)
Last year, @swapgs and I found a fun bug in the popular enterprise VPN solution Zscaler.
Attacking the Samsung Galaxy A* Boot Chain (quarkslab.com)
We discovered several vulnerabilities impacting the boot chain of several Samsung devices. Chained together, they allow us to execute code in the bootloader, get root access on Android with persistency, and finally leak anything from the Secure World's memory including the Android Keystore keys.
Firefox use-after-free RCE (nist.gov)
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
VSCode for Linux remote code execution vulnerability (github.com/microsoft)
There is a security vulnerability in the save elevated flow with specially crafted workspaces.
CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame (theregister.com)
The US Cybersecurity and Infrastructure Security Agency (CISA) says vulnerabilities in Fortinet and Ivanti products are now being exploited, earning them places in its Known Exploited Vulnerabilities (KEV) catalog.
Mozilla fixes Firefox zero-day actively exploited in attacks (bleepingcomputer.com)
Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks.
Systems used by courts and governments across US riddled with vulnerabilities (arstechnica.com)
Public records systems that courts and governments rely on to manage voter registrations and legal filings have been riddled with vulnerabilities that made it possible for attackers to falsify registration databases and add, delete, or modify official documents.
Bugs Found in CUPS (thestack.technology)
Details of several critical Linux vulnerabilities that the security community has been awaiting have landed – they involve bugs in CUPS, the Common UNIX Printing System.
9.9 Linux CVE (threadreaderapp.com)
Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
A 9.9 CVE has been announced for Linux (twitter.com)
Severe unauthenticated RCE flaw in GNU/Linux systems awaiting full disclosure (securityonline.info)
A critical security vulnerability affecting all GNU/Linux systems—and potentially others—has been identified by renowned security researcher Simone Margaritelli.
Critical Exploit in MediaTek Wi-Fi Chipsets: Zero-Click Vulnerability (coffinsec.com)
The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-20017, assessed its impact and developed mitigation measures for the vulnerability.
Known Exploited Vulnerabilities Catalog (cisa.gov)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Nix 2.24 is vulnerable to (remote) privilege escalation (puckipedia.com)
okay so. nix 2.24+ vuln: nar unpacking is fucked, and local unprivileged users, or any binary cache you have configured, can just Get Root on your system
DEF CON 32 – AMD Sinkclose Universal Ring-2 Privilege Escalation (Not Redacted) [pdf] (defcon.org)
Zyxel warns of vulnerabilities in a wide range of its products (arstechnica.com)
It's time to take a closer look at CVE-2024-38063 (Windows IPv6 RCE) (twitter.com)
Problem with CVEs on OSS Projects (github.com/micromatch)
Don't panic! It's only 60 Linux CVE security bulletins a week (zdnet.com)
OpenBSD crond / crontab set_range() heap underflow (CVE-2024-43688) (supernetworks.org)
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (bleepingcomputer.com)
Windows TCP/IP Remote Code Execution Vulnerability (cve.org)