Aggregator

A vulnerability was found in Socat up to 1.7.2/2.0.0-b7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Signal Handler. The manipulation leads to improper input validation. This vulnerability is known as CVE-2015-1379. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in OpenAnolis Anolis OS 2.73;0. This affects an unknown part of the file pam_cap.so of the component Group Name Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-1390. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Red Hat Enterprise Linux 6/7/8/9. It has been declared as critical. This vulnerability affects the function GetBarrierDevice of the component X.org X11 Server/TigerVNC. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2025-26598. Attacking locally is a requirement. There is no exploit available.

A vulnerability was found in Red Hat Enterprise Linux 6/7/8/9. It has been rated as critical. This issue affects the function compCheckRedirect of the component X.org X11 Server/TigerVNC. The manipulation leads to uninitialized pointer. The identification of this vulnerability is CVE-2025-26599. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in HP OpenView Storage Data Protector up to 6.10. It has been classified as very critical. Affected is an unknown function of the file omniinet.exe of the component HP OpenView. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2011-1866. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Red Hat Enterprise Linux 6/7/8/9 and classified as critical. Affected by this vulnerability is the function XkbVModMaskText of the component X.org X11 Server/TigerVNC. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-26595. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Red Hat Enterprise Linux 6/7/8/9 and classified as critical. Affected by this issue is the function XkbSizeKeySyms of the component X.org X11 Server/TigerVNC. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2025-26596. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Red Hat Enterprise Linux 6/7/8/9. It has been classified as critical. This affects the function XkbChangeTypesOfKey of the component X.org X11 Server/TigerVNC. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-26597. Local access is required to approach this attack. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Red Hat Enterprise Linux 6/7/8/9. This issue affects some unknown processing of the component X.org X11 Server/TigerVNC. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-26594. Attacking locally is a requirement. There is no exploit available.

A vulnerability was found in Adobe InDesign Desktop up to 18.5.3/19.5. It has been classified as critical. Affected is an unknown function. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-49507. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Поиск работы превратился в игру на деньги.

OpenSSF has released new baseline security best practices to improve open source software quality

A major development in wireless security research has revealed a sophisticated Wi-Fi jamming technique capable of disabling individual devices with millimeter-level precision, leveraging emerging Reconfigurable Intelligent Surface (RIS) technology. Developed by researchers at Ruhr University Bochum and the Max Planck Institute for Security and Privacy, this method exploits programmable metamaterials to manipulate radio frequency (RF) […]

The post New Wi-Fi Jamming Attack Disables Targeted Wi-Fi Devices Using RIS Technology appeared first on Cyber Security News.

Mozilla 首次公布了 Firefox 的使用条款，并更新了隐私条款。Mozilla 称 Firefox 以前是基于开源许可证和承诺，在不同的科技格局下需要让承诺更清晰易懂。在使用条款中，Mozilla 声明：“当您通过 Firefox 上传或输入信息时，您特此授予我们非排他性、免版税的全球许可，以使用该信息来帮助您导航、体验在线内容并与之交互，就像您在使用 Firefox 时所表明的那样。”很多人认为这句话的指代含义不太明确。在更新的隐私条款中 Mozilla 对收集的数据进行了更详细的说明，对于数据：“我们仅在本隐私声明所述目的所需的期限内保留您的个人数据。一般而言，我们保留个人数据的时间不超过 25 个月，但实际保留期限可能因数据类型及其收集目的而异（例如，我们会在您使用 Firefox 期间保留您的“首次使用”日期，以便了解您使用 Firefox 的时间）。具体保留期限还可能取决于数据的敏感性、收集背景、您的设置和偏好，以及我们保留或删除数据的法律或合同义务，例如用于欺诈预防、法规遵从或服务连续性。一旦保留期限到期，我们将安全删除您的数据，除非法律另有要求。”