Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156

Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0 through 1.9.5p1. Sudo is a utility included in many Unix- and Linux-based operating systems that allows a user to run programs with the security privileges of another user. An attacker could exploit this vulnerability … Continue reading Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156

New Linux SUDO flaw lets local users gain root privileges

A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication. Sudo is a Unix program that enables system admins to provide limited root privileges to normal users listed in the sudoers file, while at the same time keeping a log of their activity. It works on … Continue reading New Linux SUDO flaw lets local users gain root privileges

VLC Media Player 3.0.12 fixes multiple remote code execution flaws

VideoLan released VLC Media Player 3.0.12 for Windows, Mac, and Linux last week with numerous improvements, features, and security fixes. This release is a significant upgrade for Mac users as it provides native support for Apple Silicon and fixes audio distortion in macOS. In addition to bug fixes and improvements, this release also fixes numerous … Continue reading VLC Media Player 3.0.12 fixes multiple remote code execution flaws

CERT/CC and CISA Report Multiple Vulnerabilities in Dnsmasq

CISA and the CERT Coordination Center (CERT/CC) are aware of multiple vulnerabilities affecting Dnsmasq version 2.82 and prior. Dnsmasq is a widely-used, open-source software that provides Domain Name Service forwarding and caching and is common in Internet-of-Things (IoT) and other embedded devices. A remote attacker could exploit some of these vulnerabilities to take control of … Continue reading CERT/CC and CISA Report Multiple Vulnerabilities in Dnsmasq

Critical flaws in Orbit Fox WordPress plugin allows site takeover

Two vulnerabilities in the Orbit Fox WordPress plugin, a privilege-escalation issue and a stored XSS bug, can allow site takeover. Security experts from Wordfence have discovered two security vulnerabilities in the Orbit Fox WordPress plugin. The flaws are a privilege-escalation vulnerability and a stored XSS bug that impacts over 40,000 installs. The Orbit Fox plugin … Continue reading Critical flaws in Orbit Fox WordPress plugin allows site takeover