Social 📸 Photography

10 posts10 participants0 posts today

CedricThe Global CVE (GCVE) allocation system is decentralized approach to vulnerability identification and numbering. The GCVE registry is a key component.For this reason the registry is digitally signed using an RSA public key with SHA-512.Thanks to the GCVE Python client, updating your local copy of the registry and verifying its integrity is just one command away: $ gcve registry --pullLearn more: <a href="https://gcve.eu" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gcve.eu</a><a href="https://social.circl.lu/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Vulnerability</a> <a href="https://social.circl.lu/tags/CVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVD</a> <a href="https://social.circl.lu/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a> <a href="https://social.circl.lu/tags/GCVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GCVE</a> <a href="https://social.circl.lu/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> <a href="https://social.circl.lu/tags/VulnerabilityLookup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VulnerabilityLookup</a>

Eckes :mastodon:Jetzt musste ich xx (censored) Jahre alt werden um meine erste CVE vorzuschlagen. Aber naja mit Hilfe von GitHub geht das relativ einfach, mal sehen ob sie es auch publishen <a href="https://zusammenkunft.net/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://zusammenkunft.net/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cve</a> <a href="https://zusammenkunft.net/tags/nettools" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#nettools</a> <a href="https://github.com/ecki/net-tools/security/advisories?state=published" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/ecki/net-tools/security/advisories?state=published</a>

Richi JenningsEU Vulnerability Database (<a href="https://vmst.io/tags/EUVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EUVD</a>) launches this week. And not a moment too soon.The EU Agency for Cybersecurity (<a href="https://vmst.io/tags/ENISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ENISA</a>) has brought EUVD out of beta. Born from a 2022 EU law, EUVD will work alongside MITRE’s Common Vulnerabilities and Exposures database (<a href="https://vmst.io/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a>)—the future of which is still hazy after last month’s last-minute funding reprieve.ENISA executive director Juhan Lepassaar (pictured) is keen to get on with the job. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBBlogwatch</a>, we take this kiss throughout the world.@TheFuturumGroup @TechstrongGroup @SecurityBlvd: <a href="https://securityboulevard.com/2025/05/euvd-launch-cve-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityboulevard.com/2025/05/euvd-launch-cve-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc</a>

moltenbit<a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a>-2025-30386 released today by <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> sounds worrying:„In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link.“ - leading to RCE.

Alexandre DulaunoyMany are complaining about CISA removing the RSS feed for KEV. Just a reminder: we expose a lot of the API via RSS and Atom in vulnerability-lookup. KEV is included.🔗 <a href="https://www.vulnerability-lookup.org/user-manual/feed-syndication/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.vulnerability-lookup.org/user-manual/feed-syndication/</a><a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cve</a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vulnerability</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Brian Greenberg :verified:⚠️ The EU 🇪🇺 to launch its own vulnerability database because the US is dropping the ball 🇺🇸 😢 — and the timing couldn’t be more telling 🛡️In response to growing digital sovereignty concerns, NIS2 compliance, and calls for vendor accountability, the EU is building a public vulnerability catalog. The goal? 📂 Track and disclose security bugs across government, industry, and open source 🔍 Complement—not compete with—the CVE Program 📊 Increase trust, transparency, and resilience within the blocBut let’s be honest: 🤝 Multiple public vuln databases means we must align identifiers, disclosure standards, and data feeds—or risk fragmentation 💡 Transparency is great, but what about verification, consistency, and maintenance? 📉 And if vendors or agencies self-report, how do we ensure accuracy or prevent omission?Done right, this could increase pressure on lagging suppliers and elevate accountability. But if we don’t connect the dots globally, we may just multiply confusion.What do you think: smart evolution or coordination nightmare?<a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/VulnerabilityManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VulnerabilityManagement</a> <a href="https://infosec.exchange/tags/EU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EU</a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a> <a href="https://infosec.exchange/tags/NIS2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NIS2</a> <a href="https://infosec.exchange/tags/SoftwareSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SoftwareSecurity</a> <a href="https://infosec.exchange/tags/Governance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Governance</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloud</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://www.theregister.com/2025/05/13/eu_security_bug_database/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.theregister.com/2025/05/13/eu_security_bug_database/</a>

Mare PolarisSeems we got our own thing now<a href="https://mastodon.social/tags/euvd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#euvd</a> <a href="https://mastodon.social/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cve</a> <a href="https://mastodon.social/tags/eupol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eupol</a> <a href="https://euvd.enisa.europa.eu/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://euvd.enisa.europa.eu/</a>

CedricRSS feed for CISA KEV vulnerabilities, powered by Vulnerability-Lookup:<a href="https://www.vulnerability-lookup.org/user-manual/feed-syndication/#most-recent-entries-from-known-exploited-vulnerabilities" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.vulnerability-lookup.org/user-manual/feed-syndication/#most-recent-entries-from-known-exploited-vulnerabilities</a><a href="https://fosstodon.org/tags/rss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rss</a> <a href="https://fosstodon.org/tags/cisa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cisa</a> <a href="https://fosstodon.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://fosstodon.org/tags/feed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#feed</a> <a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> <a href="https://fosstodon.org/tags/OpenData" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenData</a> <a href="https://fosstodon.org/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cve</a> <a href="https://fosstodon.org/tags/VulnerabilityLookup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VulnerabilityLookup</a>

Matt "msw" Wilsonsetuid root screen is a gift that just keeps on giving…<a href="https://mstdn.social/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a> <a href="https://mstdn.social/tags/CVE_2025_23395" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE_2025_23395</a> <a href="https://mstdn.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://mstdn.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> <a href="https://mstdn.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> <a href="https://security.opensuse.org/2025/05/12/screen-security-issues.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://security.opensuse.org/2025/05/12/screen-security-issues.html</a>

Kevin Bowen :xfce:<a href="https://mastodon.social/@Viss" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Viss</a> Oh my. I...I thought that was a spoof pic. I should know better by now. *sigh*<a href="https://www.theregister.com/2025/05/12/cisa_vulnerabilities_updates_x/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.theregister.com/2025/05/12/cisa_vulnerabilities_updates_x/</a><a href="https://fosstodon.org/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://fosstodon.org/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a> <a href="https://fosstodon.org/tags/OMGWTFBBQ" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OMGWTFBBQ</a>

Tod BeardsleyBtw if you agree that the USG should no longer be the sole funder of <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a>, I have an open letter to Congress that you’re welcome to sign. <a href="https://resist.bot/petitions/PWDDUS" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://resist.bot/petitions/PWDDUS</a><a href="https://mastodon.social/@resistbot" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@resistbot</a> is easy and fun to use.

Tod BeardsleyOh, the US government wouldn’t consider turning off the <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a> databse! It’s critical cybersecurity infrastructure!<a href="https://infosec.exchange/tags/NOAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NOAA</a> has entered the chat: <a href="https://www.cnn.com/2025/05/08/climate/noaa-ends-disaster-database" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.cnn.com/2025/05/08/climate/noaa-ends-disaster-database</a>Don’t think it can’t happen here, too.

CVE Program794 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of April 28, 2025 <a href="https://cisa.gov/news-events/bulletins/sb25-125" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cisa.gov/news-events/bulletins/sb25-125</a> <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a> <a href="https://mastodon.social/tags/CVEID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVEID</a> <a href="https://mastodon.social/tags/CVSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVSS</a> <a href="https://mastodon.social/tags/CWE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CWE</a> <a href="https://mastodon.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Vulnerability</a> <a href="https://mastodon.social/tags/VulnerabilityManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VulnerabilityManagement</a> <a href="https://mastodon.social/tags/HSSEDI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HSSEDI</a> <a href="https://mastodon.social/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISA</a>

Victoria (K8VSY) (she/her)Make sure to update your Meshtastic devices to at least 2.6.2 or newer!"This attack does not require authentication or user interaction, as long as the target device rebroadcasts packets on the default channel."<a href="https://www.cvedetails.com/cve/CVE-2025-24797/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.cvedetails.com/cve/CVE-2025-24797/</a><a href="https://mastodon.radio/tags/Meshtastic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Meshtastic</a> <a href="https://mastodon.radio/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a> <a href="https://mastodon.radio/tags/Mesh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mesh</a> <a href="https://mastodon.radio/tags/MeshRadio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MeshRadio</a> <a href="https://mastodon.radio/tags/Lora" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lora</a> <a href="https://mastodon.radio/tags/hamr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hamr</a> <a href="https://mastodon.radio/tags/HamRadio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HamRadio</a> <a href="https://mastodon.radio/tags/AmateurRadio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AmateurRadio</a>

CERT@VDE<a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OT</a> <a href="https://infosec.exchange/tags/Advisory" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Advisory</a> <a href="https://infosec.exchange/tags/Update" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Update</a> VDE-2023-046 WAGO: Multiple products vulnerable to local file inclusionAn attacker with administrative privileges which can access sensitive files can additionally access them in an unintended, undocumented way. UPDATE 07.05.2025: The fixed versions have been updated, because the previously mentioned versions are still vulnerable to this issue. More details have been added to the hardware devices. More affected version numbers were added to the firmwares. <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a> CVE-2023-4089<a href="https://certvde.com/en/advisories/VDE-2023-046" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://certvde.com/en/advisories/VDE-2023-046</a><a href="https://infosec.exchange/tags/CSAF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CSAF</a> <a href="https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-046.json" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-046.json</a>

CVE Program“CNA Enrichment Recognition” - 251 CNAs on the list for May 5, 2025 Published every 2 weeks, this list recognizes those CVE Numbering Authorities (<a href="https://mastodon.social/tags/CNAs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CNAs</a>) actively providing <a href="https://mastodon.social/tags/CVSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVSS</a> and <a href="https://mastodon.social/tags/CWE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CWE</a> vulnerability data in their <a href="https://mastodon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a> Records <a href="https://medium.com/@cve_program/vulnerability-data-enrichment-for-cve-records-251-cnas-on-the-enrichment-recognition-list-for-may-0c56e3d382d1" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://medium.com/@cve_program/vulnerability-data-enrichment-for-cve-records-251-cnas-on-the-enrichment-recognition-list-for-may-0c56e3d382d1</a>

Xavier «X» Santolaria :verified_paw: :donor:Updates from the <a href="https://infosec.exchange/tags/CVEFoundation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVEFoundation</a><blockquote>Representatives from the CVE Foundation met with representatives from CISA on 4/24/2025. The talks were positive and encouraging. All parties wish to keep the conversation and progress moving forward.</blockquote><a href="https://www.thecvefoundation.org/news" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.thecvefoundation.org/news</a><a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cve</a> <a href="https://infosec.exchange/tags/mitre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mitre</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vulnerability</a>

apfeltalk :verified:AirPlay-Sicherheitslücken bedrohen Millionen Geräte – auch Drittanbieter betroffen Eine neue Analyse der Sicherheitsfirma Oligo offenbart gravierende Schwachstellen im AirPlay-Protokoll von App <a href="https://www.apfeltalk.de/magazin/feature/airplay-sicherheitsluecken-bedrohen-millionen-geraete-auch-drittanbieter-betroffen/" rel="nofollow noopener noreferrer" target="_blank">https://www.apfeltalk.de/magazin/feature/airplay-sicherheitsluecken-bedrohen-millionen-geraete-auch-drittanbieter-betroffen/</a> <a href="https://creators.social/tags/Feature" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Feature</a> <a href="https://creators.social/tags/iPhone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iPhone</a> <a href="https://creators.social/tags/AirPlay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AirPlay</a> <a href="https://creators.social/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Apple</a> <a href="https://creators.social/tags/CarPlay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CarPlay</a> <a href="https://creators.social/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a> <a href="https://creators.social/tags/Drittanbieter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Drittanbieter</a> <a href="https://creators.social/tags/iOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iOS</a> <a href="https://creators.social/tags/ITSicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITSicherheit</a> <a href="https://creators.social/tags/macOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#macOS</a> <a href="https://creators.social/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://creators.social/tags/Netzwerksicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Netzwerksicherheit</a> <a href="https://creators.social/tags/Oligo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Oligo</a> <a href="https://creators.social/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RemoteCodeExecution</a> <a href="https://creators.social/tags/Sicherheitslcke" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Sicherheitslcke</a> <a href="https://creators.social/tags/Update" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Update</a>

gcve.euSeven new GNAs have been registered on GCVE.EU !We're glad to see the community grow and are open to new GNA applications 🔗 JSON <a href="https://gcve.eu/dist/gcve.json" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gcve.eu/dist/gcve.json</a> 🔗 Why and How to become a GNA <a href="https://gcve.eu/about/#eligibility-and-process-to-obtain-a-gna-id" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gcve.eu/about/#eligibility-and-process-to-obtain-a-gna-id</a><a href="https://social.circl.lu/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cve</a> <a href="https://social.circl.lu/tags/gcve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gcve</a> <a href="https://social.circl.lu/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vulnerabilities</a> <a href="https://social.circl.lu/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Vitexglibc (2.41-7) unstable; urgency=medium Starting with glibc 2.41, shared libraries requiring an executable stack cannot be dynamically loaded through the <a href="https://f.cz/tags/dlopen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dlopen</a> mechanism from a binary that does not require an executable stack. This change aims to improve security, as the previous behavior was used as a vector for RCE (<a href="https://f.cz/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a>-2023-38408). Attempting to do so will result in the following error: cannot enable executable stack as shared object requires: Invalid argument While most libraries generated in the past 20 years do not require an executable stack, some third-party software still need this capability. Many vendors have already updated their binaries to address this. If you need to run a program that requires an executable stack through dynamic loaded shared libraries, you can use the glibc.rtld.execstack tunable: Glibc6_TUNABLES=glibc.rtld.execstack=2 ./program -- Aurelien Jarno <aurel32@debian.org> Sun, 13 Apr 2025 14:41:11 +0200<a href="https://f.cz/tags/Debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Debian</a> <a href="https://f.cz/tags/Changelog" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Changelog</a> <a href="https://f.cz/tags/GLibC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GLibC</a> <a href="https://f.cz/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://f.cz/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a>

Recent searches

Search options

Administered by:

Server stats:

#cve