North Korean threat actors behind the ongoing Contagious Interview campaign have been observed dropping a new JavaScript malware called OtterCookie.
Contagious Interview (aka DeceptiveDevelopment) refers to a persistent attack campaign that employs social engineering lures, with the hacking crew often posing as recruiters to trick individuals looking for potential job opportunities into
A vulnerability has been found in Linux Kernel up to 6.11.10/6.12.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file mm/page_alloc.c. The manipulation of the argument PAGE_SIZE leads to allocation of resources.
This vulnerability is known as CVE-2024-56544. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.4. Affected is the function icmp_route_lookup of the file net/ipv4/route.c. The manipulation leads to an infinite loop.
This vulnerability is tracked as CVE-2024-56647. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.1. This issue affects the function container_of of the component ubd. The manipulation leads to denial of service.
The identification of this vulnerability is CVE-2024-53184. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as critical was found in Linux Kernel up to 6.12.5. This vulnerability affects the function netdev_tx_reset_queue in the library lib/dynamic_queue_limits.c of the component virtio_net. The manipulation leads to use after free.
This vulnerability was named CVE-2024-56674. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as critical has been found in Linux Kernel up to 6.12.3. This affects the function btrfs_encoded_read_endio. The manipulation leads to use after free.
This vulnerability is uniquely identified as CVE-2024-56582. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Linux Kernel up to 6.12.4. It has been rated as critical. Affected by this issue is some unknown functionality of the component hisi_sas. The manipulation leads to null pointer dereference.
This vulnerability is handled as CVE-2024-56588. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Linux Kernel up to 6.12.4. It has been declared as critical. Affected by this vulnerability is the function brightness_show. The manipulation leads to null pointer dereference.
This vulnerability is known as CVE-2024-56587. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Linux Kernel up to 6.1.119/6.6.65/6.12.4. It has been classified as problematic. Affected is the function xa_store. The manipulation leads to allocation of resources.
This vulnerability is tracked as CVE-2024-56584. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Linux Kernel up to 6.6.65/6.12.4 and classified as problematic. This issue affects the function migrate_enable. The manipulation leads to privilege escalation.
The identification of this vulnerability is CVE-2024-56583. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability has been found in Linux Kernel up to 6.12.4 and classified as problematic. This vulnerability affects the function led_tg_check. The manipulation leads to out-of-bounds read.
This vulnerability was named CVE-2024-56650. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.4. This affects the function f2fs_bug_on of the file fs/f2fs/inode.c. The manipulation leads to privilege escalation.
This vulnerability is uniquely identified as CVE-2024-56586. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as problematic was found in Linux Kernel up to 5.10.230/5.15.173/6.1.119/6.6.65/6.12.4. Affected by this vulnerability is the function cond_resched. The manipulation leads to a state issue.
This vulnerability is known as CVE-2024-56589. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.119/6.6.65/6.12.4. Affected by this issue is the function setup_tlb_handler of the file kernel/locking/spinlock_rt.c of the component LoongArch. The manipulation leads to stack-based buffer overflow.
This vulnerability is handled as CVE-2024-56585. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as critical has been found in Linux Kernel up to 6.1.119/6.6.65/6.12.4. Affected is the function hi3110_can_ist. The manipulation leads to use after free.
This vulnerability is tracked as CVE-2024-56651. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Linux Kernel up to 6.12.1. It has been rated as critical. This issue affects the function container_of. The manipulation leads to denial of service.
The identification of this vulnerability is CVE-2024-53183. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Linux Kernel up to 6.12.1. It has been declared as critical. This vulnerability affects the function container_of of the component vector. The manipulation leads to denial of service.
This vulnerability was named CVE-2024-53181. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Linux Kernel up to 6.6.66/6.12.5. It has been classified as critical. This affects an unknown part of the component Bluetooth. The manipulation leads to use after free.
This vulnerability is uniquely identified as CVE-2024-56653. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.