Security News

A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability,...

It's called leaving the door wide open – especially in Proxmox A critical bug in Kubernetes Image Builder could allow unauthorized SSH access to virtual machines (VMs) thanks to default...

A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project. [...]

Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even get correctly signed X.509 VPN certificates for foreign devices to take over their VPN sessions.

Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024.

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246, the...

A vulnerability in the GNU C Library can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. Dubbed "Looney Tunables", CVE-2023-4911 is a buffer overflow vulnerability in the dynamic loader's processing of the GLIBC TUNABLES environment variable.

A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Tracked as CVE-2022-25636, the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter subcomponent in the kernel.

Mozilla fixes Firefox zero-days exploited in the wildMozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities exploited by attackers in the wild. Easily exploitable Linux bug gives root access to attackersAn easily exploitable vulnerability in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits.

An easily exploitable vulnerability in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits. Affected Linux distributions are in the process of pushing out security updates with the patch.