#cve

calm.like.a.bomb calm_bomb@metalhead.club
2025-05-28

Fun fact! Janet Jackson is still the only pop star with a CVE to her credit.

The cybersecurity vulnerability is linked to her 1989 song "Rhythm Nation", which was found to crash certain models of laptops. The issue arose because the song contained a resonant frequency that matched the natural frequency of some 5400 RPM hard disk drives used in laptops around 2005. When played near these laptops, the song could cause the hard drive to malfunction, leading to a system crash. This unusual vulnerability was officially registered as CVE-2022-38392.

nvd.nist.gov/vuln/detail/CVE-2

#security #cve #funfact

NIST is now under federal audit for its management of the NVD, as delays and data gaps mount. Meanwhile, CISA faces major leadership losses & budget cuts. The #CVE Foundation has proposed a roadmap to fill the gap. Vulnerability infrastructure is at a turning point:

socket.dev/blog/us-government- #cybersecurity

Lambda Watchdog lambdawatchdog
2025-05-27

🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 10 CVEs across 25 images:
• 🔴 Critical: 0
• 🟠 High: 6
• 🟡 Medium: 4
• 🔵 Low: 0

Check the full report 👉 lambdawatchdog.com/

2025-05-27

#OT #Advisory VDE-2025-044
Weidmueller: Industrial ethernet switches are affected by multiple vulnerabilities

#CVE CVE-2025-41651, CVE-2025-41652, CVE-2025-41649, CVE-2025-41650, CVE-2025-41653

certvde.com/en/advisories/VDE-

#CSAF weidmueller.csaf-tp.certvde.co

2025-05-27

#OT #Advisory VDE-2025-042
Lenze: VPN Client Privilege Escalation in combination with Lenze x500 IoT Gateway

#CVE CVE-2025-26168, CVE-2025-26169

certvde.com/en/advisories/VDE-

#CSAF lenze.csaf-tp.certvde.com/.wel

Alexandre Dulaunoy adulau@infosec.exchange
2025-05-26

CVE-2024-4367 (PDF.js) is gaining traction in some exploitation-focused Telegram channels...

vulnerability.circl.lu/cve/CVE

seen via @ail_project

#vulnerability #opensource #threatintelligence #cve #exploit

Nicolas Mouart silentexception
2025-05-26

ENISA launched the European Vulnerability Database (EUVD or EU Vulnerability Database), as mandated by the NIS2 Directive. There is the Cyber Resilience Act (CRA) incoming as well, on increasing the security standards on IoT products (like this one in the screenshot :/ )
euvd.enisa.europa.eu/vulnerabi

CVE-2025-2233 Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615.
Lambda Watchdog lambdawatchdog
2025-05-26

🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 10 CVEs across 25 images:
• 🔴 Critical: 0
• 🟠 High: 6
• 🟡 Medium: 4
• 🔵 Low: 0

Check the full report 👉 lambdawatchdog.com/

2025-05-26

#OT #Advisory VDE-2025-011
PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by XSS vulnerability and information disclosure

#CVE CVE-2025-41654, CVE-2025-41655, CVE-2025-1985

certvde.com/en/advisories/VDE-

#CSAF pepperl-fuchs.csaf-tp.certvde.

Sentinel Security SntlSecurity
2025-05-26

Log4j taught us: your software supply chain is a bomb with a long fuse.
You don’t notice it until it explodes.
💥 Know your components.
💣 Validate your inputs.

Lambda Watchdog lambdawatchdog
2025-05-25

🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 10 CVEs across 25 images:
• 🔴 Critical: 0
• 🟠 High: 6
• 🟡 Medium: 4
• 🔵 Low: 0

Check the full report 👉 lambdawatchdog.com/

Lambda Watchdog lambdawatchdog
2025-05-24

🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 10 CVEs across 25 images:
• 🔴 Critical: 0
• 🟠 High: 6
• 🟡 Medium: 4
• 🔵 Low: 0

Check the full report 👉 lambdawatchdog.com/

Lambda Watchdog lambdawatchdog
2025-05-23

🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 10 CVEs across 25 images:
• 🔴 Critical: 0
• 🟠 High: 6
• 🟡 Medium: 4
• 🔵 Low: 0

Check the full report 👉 lambdawatchdog.com/

2025-05-23

apt-listchanges: News
---------------------

#glibc (2.41-7) unstable; urgency=medium

Starting with glibc 2.41, shared libraries requiring an executable stack
cannot be dynamically loaded through the dlopen mechanism from a binary that
does not require an executable stack. This change aims to improve #security,
as the previous behavior was used as a vector for RCE (#CVE-2023-38408).
Attempting to do so will result in the following error:

cannot enable executable stack as shared object requires: Invalid argument

While most libraries generated in the past 20 years do not require an
executable stack, some third-party software still need this capability. Many
vendors have already updated their binaries to address this.

If you need to run a program that requires an executable stack through
dynamic loaded shared libraries, you can use the glibc.rtld.execstack
tunable:

GLIBC_TUNABLES=glibc.rtld.execstack=2 ./program

-- Aurelien Jarno <aurel32@debian.org> Sun, 13 Apr 2025 14:41:11 +0200

#Debian #Trixie #Linux
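The glibc 2.41 change above refuses to dlopen any shared object whose PT_GNU_STACK program header carries the PF_X flag. The checker below is an added example (not from the Debian NEWS entry or from glibc) for auditing the .so files a program loads before upgrading; it parses the ELF program headers directly, assumes nothing beyond the ELF32/ELF64 layout, and the sample images it tests against are constructed inline.

```python
"""Report whether an ELF shared object declares an executable stack."""
import struct

PT_GNU_STACK = 0x6474E551   # program header type that carries stack permissions
PT_LOAD = 1
PF_X = 0x1                  # executable bit in p_flags


def needs_exec_stack(data: bytes):
    """True if the image asks for an executable stack (dlopen fails under glibc
    2.41 without the tunable), False if it declares a non-executable stack,
    None if no PT_GNU_STACK header exists (legacy object; on x86 the loader
    then falls back to an executable stack, so treat None as suspect too).
    Handles ELF32 and ELF64 in either byte order."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                 # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little, 2 = big endian
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        flags_off = 4                   # Elf64_Phdr: p_type, p_flags, ...
    else:
        (phoff,) = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        flags_off = 24                  # Elf32_Phdr: p_flags follows p_memsz
    for i in range(phnum):
        base = phoff + i * phentsize
        (p_type,) = struct.unpack_from(end + "I", data, base)
        if p_type == PT_GNU_STACK:
            (p_flags,) = struct.unpack_from(end + "I", data, base + flags_off)
            return bool(p_flags & PF_X)
    return None


def scan_file(path: str):
    """Convenience wrapper: run the check on a shared object on disk."""
    with open(path, "rb") as f:
        return needs_exec_stack(f.read())


def build_elf64(stack_flags):
    """Constructed minimal little-endian ELF64 image (x86-64, ET_DYN) with one
    program header: PT_GNU_STACK with the given flags, or PT_LOAD when None.
    Enough for the parser above; it is not a loadable library."""
    ehdr = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
            + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0))
    p_type = PT_LOAD if stack_flags is None else PT_GNU_STACK
    phdr = struct.pack("<IIQQQQQQ", p_type, stack_flags or 0, 0, 0, 0, 0, 0, 0x10)
    return ehdr + phdr
```

Run scan_file over the libraries a program dlopens: True means it will hit the "cannot enable executable stack" error on glibc 2.41 unless the vendor rebuilds it or the glibc.rtld.execstack tunable is set.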

Bálint Magyar balint
2025-05-22

Just posted my new article on another client-side remote code execution bug I found in Google Web Designer back in February, tracked as CVE-2025-4613, fixed in an April release. Enjoy the write-up!

bm.gy/gwdrce2

st1nger :unverified: 🏴‍☠️ :linux: :freebsd: st1nger@infosec.exchange
2025-05-22
CVE Program CVE_Program
2025-05-22

1,110 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of May 12, 2025

cisa.gov/news-events/bulletins

Lambda Watchdog lambdawatchdog
2025-05-22

🚨 Lambda Watchdog CVE Report 🚨
Latest AWS Lambda image scan detected 10 CVEs across 25 images:
• 🔴 Critical: 0
• 🟠 High: 6
• 🟡 Medium: 4
• 🔵 Low: 0

Check the full report 👉 lambdawatchdog.com/
