7763 matches found

Prion
added 2023/10/16 9:15 p.m. | 17 views

Double free

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free could...

CVSS 5 | AI score 7.5 | EPSS 0.00826
Exploits 1 | References 4 | Affected Software 1

UbuntuCve
added 2023/10/16 9:15 p.m. | 23 views

CVE-2023-42459

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free could...

CVSS 8.6 | AI score 6.9 | EPSS 0.00826
Exploits 1 | References 5

Cvelist
added 2023/10/16 8:56 p.m. | 26 views

CVE-2023-42459 Malformed DATA submessage leads to bad-free error in Fast-DDS

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free could...

CVSS 8.6 | AI score 8.7 | EPSS 0.00826
Exploits 1 | References 4

CNNVD
added 2023/10/16 12:0 a.m. | 2 views

EProsima Fast Dds Security Vulnerability

EProsima Fast Dds is a standalone Cpp middleware implementation from EProsima, Spain. It is used to provide Omg Dds 1.4 and Omg Rtps 2.2 interoperable wired protocol standards. A security vulnerability exists in EProsima Fast DDS 2.11.1 and earlier versions, which stems from allowing an attacker ...

CVSS 8.6 | AI score 6.7 | EPSS 0.00826
Exploits 1 | References 6

Positive Technologies
added 2023/10/16 12:0 a.m. | 1 views

PT-2023-7345 · Fastdds · Fastdds

Name of the Vulnerable Software and Affected Versions: Fast DDS versions prior to 2.12.0 Fast DDS versions prior to 2.11.3 Fast DDS versions prior to 2.10.3 Fast DDS versions prior to 2.6.7 Description: Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Obje...

CVSS 9 | AI score 7.5 | EPSS 0.00826
Exploits 1 | References 22

Hacker One
added 2023/10/15 9:41 p.m. | 45 views

Nextcloud: HTML injection in search UI when selecting a circle with HTML in the display name

An HTML injection vulnerability was discovered in the search user interface of a cloud application. When selecting a circle with HTML in the display name, this could allow redirection to malicious websites or other adverse impacts such as data theft, phishing, or malware distribution...

CVSS 5.4 | AI score 4.9 | EPSS 0.0064
Exploits 1

The Hacker News
added 2023/10/13 10:36 a.m. | 51 views

DarkGate Malware Spreading via Messaging Services Posing as PDF Files

A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications VBA loader script that masquerades as a PDF document, which, when opened,...

AI score 7
Exploits 0

OSV
added 2023/10/13 12:15 a.m. | 4 views

CVE-2023-44193

An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine PFE of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service DoS. On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003,...

CVSS 5.5 | AI score 5.9 | EPSS 0.00165
Exploits 0 | References 1

Trend Micro Simply Security
added 2023/10/12 12:0 a.m. | 22 views

DarkGate Opens Organizations for Attack via Skype, Teams

We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment...

AI score 7.1
Exploits 0

ATTACKERKB
added 2023/10/06 9:15 p.m. | 2 views

CVE-2023-45311

fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...

CVSS 9.8 | AI score 7.8 | EPSS 0.01535
Exploits 1 | References 9

Code423n4
added 2023/10/06 12:0 a.m. | 7 views

LiquidityMining.sol cannot be funded for rewards distribution.

Lines of code Vulnerability details During a rewards claim LiquidityMining.sol uses a low-level call with the msg.value as the rewardsToSend to the liquidity providers, but the contract lacks a receive or fallback function for funds be deposited in it, leaving the contract empty and unable to sen...

AI score 7
Exploits 0

BDU FSTEC
added 2023/10/05 12:0 a.m. | 2 views

The vulnerability of the Spring Framework software platform, related to unlimited resource distribution, allows attackers to cause service failures.

The vulnerability of the Spring Framework software platform is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

CVSS 6.8 | AI score 7 | EPSS 0.02931
Exploits 0 | References 5 | Affected Software 7

Code423n4
added 2023/10/04 12:0 a.m. | 4 views

Missing of the distribution state updating

Lines of code Vulnerability details Impact The getEffectiveDistributionSpeed can return incorrect information. It can return distributionSpeed but the accrueTokens function will increase tokenAmountAccruedtoken only for the difference between token.balanceOfaddressthis and tokenAmountAccruedtoken...

AI score 7.1
Exploits 0

Code423n4
added 2023/10/04 12:0 a.m. | 7 views

accrueTokens() function could revert due to potential underflow

Lines of code Vulnerability details Impact Medium, as any underflow would cause the accrueTokens function to revert, preventing tokens from being accrued, which disrupts the rewards distribution mechanism. Proof of Concept The accrueTokens function is designed to update the distribution state by...

AI score 7.1
Exploits 0

Code423n4
added 2023/10/04 12:0 a.m. | 7 views

Wrong calculation of APR in certain conditions.

Lines of code Vulnerability details Impact The wrong APR due to the miscalculation of effective distribution speed. Proof of Concept The functions Prime.sol/calculateAPR and Prime.sol/estimateAPR both uses the function calculateUserAPR which uses incomeDistributionYearly function. Now this functi...

AI score 6.8
Exploits 0

Hacker One
added 2023/10/01 8:1 p.m. | 28 views

U.S. Dept Of Defense: Subdomain Takeover via Host Header Injection on www.█████

The vulnerability was a subdomain takeover due to a CNAME record pointing to an unclaimed domain. This allowed malicious individuals to potentially take control of the affected subdomain and use it for malicious purposes...

AI score 7.2
Exploits 0

Fedora
added 2023/09/30 3:35 a.m. | 45 views

[SECURITY] Fedora 38 Update: libwebp-1.3.2-2.fc38

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

AI score 6.6
Exploits 5

The Hacker News
added 2023/09/29 9:13 a.m. | 44 views

Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites

Malicious ads served inside Microsoft Bing's artificial intelligence AI chatbot are being used to distribute malware when searching for popular tools. The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malwar...

AI score 6.3
Exploits 0

GithubExploit
added 2023/09/28 3:55 p.m. | 712 views

Exploit for Code Injection in Cisco Telepresence_Video_Communication_Server

I started looking at Cisco Expressway after I noticed quite a fe...

CVSS 7.2 | AI score 7.3 | EPSS 0.37885
Exploits 1

IBM Security Bulletins
added 2023/09/27 9:7 p.m. | 38 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Distribution

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Distribution. Vulnerability Details CVEID:CVE-2023-2253 DESCRIPTION: Distribution is vulnerable to a denial of service, caused by improper input validation by the /v2/catalog endpoint. By sending a...

CVSS 6.5 | AI score 6.4 | EPSS 0.00938
Exploits 0 | Affected Software 1