Calenderweek 37

Uncovering Memory Corruption: Exploitable Flaws in ncurses Library

A series of memory corruption vulnerabilities has been uncovered within the ncurses (new curses) programming library, potentially enabling threat actors to execute malicious code on susceptible Linux and macOS systems. In a technical report released today, Microsoft Threat Intelligence researchers Jonathan Bar Or, Emanuele Cozzi, and Michael Pearse highlighted the exploitation potential of these vulnerabilities …

Uncovering Memory Corruption: Exploitable Flaws in ncurses Library Read More »

Unveiling Critical Kubernetes Security Flaws: Windows Endpoints Vulnerable to Remote Code Execution

Three interconnected security vulnerabilities of high severity have been uncovered in Kubernetes, posing a risk of remote code execution with elevated privileges on Windows endpoints within a cluster. Identified as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, these vulnerabilities have been assigned CVSS scores of 8.8 and affect all Kubernetes setups incorporating Windows nodes. Mitigations for these issues …

Unveiling Critical Kubernetes Security Flaws: Windows Endpoints Vulnerable to Remote Code Execution Read More »

Urgent Alert: Critical Security Flaw in WebP Codec Endangers Numerous Applications

A recently discovered critical security vulnerability in the WebP codec allows attackers to trigger a heap buffer overflow in numerous widely-used applications when a specially crafted image is opened. According to a report by Stackdiary, not only web browsers like Chrome, Firefox, Brave, and Edge are affected, but also countless other apps that utilize the …

Urgent Alert: Critical Security Flaw in WebP Codec Endangers Numerous Applications Read More »

Scroll to Top