The vulnerability of the CharDistributionAnalysis::HandleOneChar function in the NotePad++ text editor allows a hacker to gain unauthorized access to protected information.

The vulnerability of the CharDistributionAnalysis::HandleOneChar function in the NotePad++ text editor is related to the execution of operations outside the buffer’s boundaries in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

GHSA-V8GR-M533-GHJ9 Vulnerable OpenSSL included in cryptography wheels

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 2.5-41.0.3 are vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230908.txt. If you...

CVE-2023-42806 Snapshot signature not including HeadID will allow replay attacks

Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying $\mathsfcid$ allows an attacker which must be a participant of this head to use a snapshot from an old head instance with the same participants to close the head or contest the state with i...

Important: libwebp security update

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format RIFF. Webmasters, web...

firefox security update

102.15.1-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 102.15.1-1 - Update to 102.15.1...

[SECURITY] [DSA 5501-1] gnome-shell security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5501-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 18, 2023 https://www.debian.org/security/faq -...

[SECURITY] Fedora 37 Update: libwebp-1.3.1-3.fc37

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

[SECURITY] Fedora 39 Update: libwebp-1.3.1-3.fc39

WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginnin...

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginnin...

Microsoft Teams used to deliver DarkGate Loader malware

Researchers have found a new method by which cybercriminals are spreading the DarkGate Loader malware. Until now, DarkGate was typically distributed via phishing emails. The malspam campaign used stolen email threads to lure victims into clicking a hyperlink, which downloaded the malware. But...

From Caribbean shores to your devices: analyzing Cuba ransomware

Introduction Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics,...

Compound charges are sent to GeVault, making them potentially vulnerable to theft

Lines of code Vulnerability details Impact In the previous version, the compound fee would be saved in the TokenisableRange before being deposited into LP, and would be deposited into LP after reaching 1%. After reconstruction, the fees are sent directly to GeVault for distribution through getTVL...

The vulnerability of the Fast DDS library, related to deficiencies in handling exclusive states, allows a attacker to trigger a service failure.

The vulnerability of the Fast DDS library is related to deficiencies in the handling of exceptional states. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

The vulnerability of the Fast DDS library arises from overflowing buffers in dynamic memory, allowing attackers to cause a service failure.

The vulnerability of the Fast DDS library arises from an overflow in the buffer in the dynamic memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure...

Dover Fueling Solutions MAGLINK LX Console Security Vulnerability

The Dover Fueling Solutions MAGLINK LX Console is Dover Fueling Solutions' integrated console for fuel stations and oil distribution. This console is designed to help manage various operations at fuel stations, including refueling, payment, data monitoring, and oil management. A security...

Cosmos-SDK Cosmovisor component may be vulnerable to denial of service

Component: Cosmovisor Criticality: Medium Affected Versions: Cosmovisor v1.0.0 distributed with Cosmos-SDK 0.46 Affected Users: Validators and Node operators utilizing unsupported versions of Cosmovisor Impact: DOS, potential RCE on node depending on configuration An issue has been identified on...

New BLISTER Malware Update Fuelling Stealthy Network Infiltration

An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control C2 framework called Mythic. "New BLISTER update includes keying feature that allows for precise targeting of victim networks and lowers...

How to change preferred DDC server

Change preferred DDC server...

The vulnerability of the JAXP component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a hacker to trigger a service failure.

The vulnerability of the JAXP component in the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...