article thumbnail

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Security Affairs

Qualys researchers discovered a root access flaw, tracked as CVE-2023-6246, in GNU Library C (glibc) affecting multiple Linux distributions. The Qualys Threat Research Unit discovered four security vulnerabilities in the GNU Library C (glibc) , including a heap-based buffer overflow tracked as CVE-2023-6246. in August 2022.

Libraries 109
article thumbnail

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Krebs on Security

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. By all accounts, the most severe flaw addressed today is CVE-2022-21907, a critical, remote code execution flaw in the “ HTTP Protocol Stack.” “Test and deploy this patch quickly.” ” Quickly indeed. .”

Libraries 240
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

FBI seized other domains used by the shadow eBook library Z-Library

Security Affairs

The FBI disrupted once again the illegal eBook library Z-Library the authorities seized several domains used by the service. The Federal Bureau of Investigation (FBI) seized multiple domains used by the illegal shadow eBook library Z-Library. The library is still reachable through TOR and I2P networks.

article thumbnail

Securing Easy Appointments and earning CVE-2022-0482

Security Affairs

Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability affecting Easy Appointments, a popular open-source web app written in PHP, used by thousands of sites to manage their online bookings.

article thumbnail

Microsoft March 2022 Patch Tuesday updates fix 89 vulnerabilities

Security Affairs

Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including 3 zero-days. Three flaws addressed by the Microsoft March 2022 Patch Tuesday security updates are zero-day issues, and for two of them, CVE-2022-21990 and CVE-2022-24459, public exploits are available.

article thumbnail

Google OAuth client library flaw allowed to deploy of malicious payloads

Security Affairs

Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token to deploy malicious payloads. The Google OAuth Client Library for Java is designed to work with any OAuth service on the web, not just with Google APIs. or higher), and Google App Engine. Pierluigi Paganini.

Libraries 115
article thumbnail

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. The experts have found more than 60 applications in Google Play that were containing the malicious library.