Security News

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk
2024-10-17 05:18

A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability,...

Critical default credential in Kubernetes Image Builder allows SSH root access
2024-10-16 21:58

It's called leaving the door wide open – especially in Proxmox A critical bug in Kubernetes Image Builder could allow unauthorized SSH access to virtual machines (VMs) thanks to default...

Critical Kubernetes Image Builder flaw gives SSH root access to VMs
2024-10-16 16:58

A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project. [...]

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks
2024-08-12 06:57

Security vulnerabilities have been disclosed in the industrial remote access solution Ewon Cosy+ that could be abused to gain root privileges to the devices and stage follow-on attacks. The elevated access could then be weaponized to decrypt encrypted firmware files and encrypted data such as passwords in configuration files, and even get correctly signed X.509 VPN certificates for foreign devices to take over their VPN sessions.

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access
2024-04-09 13:05

Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024.

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros
2024-01-31 05:44

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246, the...

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)
2023-10-05 13:06

A vulnerability in the GNU C Library can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. Dubbed "Looney Tunables", CVE-2023-4911 is a buffer overflow vulnerability in the dynamic loader's processing of the GLIBC TUNABLES environment variable.

New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access
2022-03-14 19:55

A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Tracked as CVE-2022-25636, the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter subcomponent in the kernel.

Week in review: Linux bug gives root access to attackers, UPS devices’ vulns, IoT security for OEMs
2022-03-13 09:00

Mozilla fixes Firefox zero-days exploited in the wildMozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities exploited by attackers in the wild. Easily exploitable Linux bug gives root access to attackersAn easily exploitable vulnerability in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits.

Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)
2022-03-08 09:40

An easily exploitable vulnerability in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits. Affected Linux distributions are in the process of pushing out security updates with the patch.