Hacker News
- CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt 18 comments
- Looney Tunables – Local privilege escalation in glibc’s ld.so https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt 4 comments
- Local privilege escalation in glibc’s ld.so https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt 6 comments
- Pwnkit: Local Privilege Escalation in polkit's pkexec https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt 41 comments
- Pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt 3 comments
- Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909) https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt 2 comments
- Heap-based buffer overflow in Sudo https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt 317 comments
- 15 years later: remote code execution in qmail https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt 159 comments
- Linux PIE/stack corruption https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt 10 comments
- The Stack Clash https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt 69 comments
- Roaming through the OpenSSH client: CVE-2016-0777 and 0778 https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt 8 comments
Lobsters
- Looney Tunables: Local Privilege Escalation in the glibc's ld.so (CVE-2023-4911) https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt 9 comments linux, security
- CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt 4 comments security
- 21Nails: Multiple vulnerabilities in Exim https://www.qualys.com/2021/05/04/21nails/21nails.txt 2 comments security
- System Down: A systemd-journald exploit https://www.qualys.com/2019/01/09/system-down/system-down.txt 3 comments linux, security, systemd
- The Stack Clash https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt 25 comments security, unix
- CVE-2023-6246: Heap-based buffer overflow in the glibc's syslog() https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt 3 comments netsec
- CVE-2023-38408 is a good example of why bloated installation could be harmful for security https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt 20 comments debian
- CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt 2 comments netsec
- Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine) https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt 2 comments netsec
- pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt 52 comments sysadmin
- pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt 24 comments linux
- Server hosted vulnerability scanner https://www.qualys.com/ 14 comments selfhosted
- 21Nails: Multiple Critical Vulnerabilities in Exim Mail Server https://www.qualys.com/2021/05/04/21nails/21nails.txt 13 comments netsec
- Heap-based buffer overflow in Sudo (CVE-2021-3156) - obtained full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2) https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt 77 comments netsec
- Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156) https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt 57 comments linux
- 15 years later, bugs were never fixed: Remote Code Execution in qmail (CVE-2005-1513) https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt 22 comments netsec
- RedHat Kernel Zero-Day : CVE-2018-14634 https://www.qualys.com/2018/09/25/cve-2018-14634/mutagen-astronomy-integer-overflow-linux-create_elf_tables-cve-2018-14634.txt 3 comments sysadmin
- Mitigating CVE-2017-1000364 ("Stack Clash") by adjusting the stack guard-page/heap stack gap? https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt 3 comments linuxadmin
- The Stack Clash https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt 25 comments netsec
- Latest OpenSSH exploits explained https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt 3 comments programming
- Is OpenWrt affected by the two new OpenSSH vulnerabilities? CVE-2016-0777 and CVE-2016-0778 https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt 7 comments openwrt
- OpenSMTPD Audit Report https://www.qualys.com/2015/10/02/opensmtpd-audit-report.txt 45 comments netsec
Linking pages
- New – EC2 M6g Instances, powered by AWS Graviton2 | AWS News Blog https://aws.amazon.com/blogs/aws/new-m6g-ec2-instances-powered-by-arm-based-aws-graviton2/ 102 comments
- Insecure websites to be named and shamed after checks - BBC News http://www.bbc.com/news/technology-17827919 11 comments
- Power plants put at risk by security bugs - BBC News http://www.bbc.com/news/technology-26881970 9 comments
- Heartbleed Bug: Tech firms urge password reset - BBC News http://www.bbc.com/news/technology-26954540 7 comments
- Data, meet spies: The unfinished state of Web crypto - CNET http://news.cnet.com/8301-13578_3-57591179-38/data-meet-spies-the-unfinished-state-of-web-crypto/ 4 comments
- GitHub - 0xInfection/Awesome-WAF: 🔥 Web-application firewalls (WAFs) from security standpoint. https://github.com/0xInfection/Awesome-WAF 0 comments
- A Comprehensive Developer's Guide to Payment Card Industry Compliant Web Apps - DZone http://cloud.dzone.com/articles/comprehensive-developers-guide 0 comments
- Computer insecurity https://www.tfeb.org/fragments/2021/09/27/computer-insecurity/ 0 comments
- A Guide to Public Cloud Security Tools - DevOps.com http://devops.com/2015/12/30/guide-public-cloud-security-tools/ 0 comments
- New – Amazon EC2 Instances based on AWS Graviton2 with local NVMe-based SSD storage | AWS News Blog https://aws.amazon.com/blogs/aws/new-graviton2-instance-types-c6g-r6g-and-their-d-variant/ 0 comments
- IPv6 Security Vulnerability Scanning https://community.infoblox.com/t5/IPv6-Center-of-Excellence/IPv6-Security-Vulnerability-Scanning/ba-p/7680 0 comments
- Cloud Security Provider Zscaler Scales Up, Takes Its First Outside Investment: $38M From Lightspeed, Other Investor | TechCrunch http://techcrunch.com/2012/08/29/zscaler-cloud-security/ 0 comments
- At Opposite Ends of the Internet Consolidation Tightrope: Accountability, Security, Privacy, and the Future of the Internet | Druva http://www.druva.com/blog/at-opposite-ends-of-the-internet-consolidation-tightrope/ 0 comments
- Insecure websites to be named and shamed after checks - BBC News http://www.bbc.co.uk/news/technology-17827919?print=true 0 comments
- The Developers Guide to PCI Compliant Web applications · KenCochrane.com http://kencochrane.net/blog/2012/01/developers-guide-to-pci-compliant-web-applications/ 0 comments
- The TSA’s explosives sniffers may have a major security flaw - The Verge http://theverge.com/2014/8/6/5976257/the-tsa-s-explosives-sniffers-have-a-major-security-flaw 0 comments
- Windows XP's Lingering And Troubling Market Share | TechCrunch http://techcrunch.com/2014/03/04/windows-xps-lingering-and-troubling-market-share/ 0 comments
- The Geography of HTML5 Security | TechCrunch http://techcrunch.com/2012/09/22/the-geography-of-html5-security/ 0 comments
- Developer-focused infrastructure security platform Mondoo raises $15M | VentureBeat https://venturebeat.com/2021/10/05/developer-focused-infrastructure-security-platform-mondoo-raises-15m/ 0 comments
- GitHub - someengineering/cloud-security-list: A list of cloud security tools and vendors. https://github.com/someengineering/cloud-security-list 0 comments