7764 matches found

ATTACKERKB
added 2023/06/02 5:15 p.m. · 3 views

CVE-2023-29541

Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux...

8.8 CVSS · 7.1 AI score · 0.00737 EPSS
Exploits: 0 · References: 5
The Hacker News
added 2023/06/02 12:3 p.m. · 49 views

New Botnet Malware 'Horabot' Targets Spanish-Speaking Users in Latin America

Spanish-speaking users in Latin America have been at the receiving end of a new botnet malware dubbed Horabot since at least November 2020. "Horabot enables the threat actor to control the victim's Outlook mailbox, exfiltrate contacts' email addresses, and send phishing emails with malicious HTML...

7 AI score
Exploits: 0
OpenVAS
added 2023/06/01 12:0 a.m. · 22 views

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2004)

The remote host is missing an update for the Huawei EulerOS...

7.4 CVSS · 8.2 AI score · 0.61979 EPSS
Exploits: 0 · References: 2
Fedora
added 2023/05/31 1:35 a.m. · 25 views

[SECURITY] Fedora 38 Update: texlive-base-20220321-72.fc38

The TeX Live software distribution offers a complete TeX system for a variety of Unix, Macintosh, Windows and other platforms. It encompasses programs for editing, typesetting, previewing and printing of TeX documents in many different languages, and a large collection of TeX macros and font...

8.8 CVSS · 7 AI score · 0.00804 EPSS
Exploits: 0
Code423n4
added 2023/05/30 12:0 a.m. · 13 views

Users can bypass distributions fees by ragequitting instead of using a formal distribution

Lines of code. Vulnerability details. Impact: Distribution fees can be bypassed by ragequitting instead of distributing. Proof of Concept: address payable feeRecipient = feeRecipient; uint16 feeBps = feeBps; if tokenType == ITokenDistributor.TokenType.Native return distributor.createNativeDistribution...

6.9 AI score
Exploits: 0
Code423n4
added 2023/05/30 12:0 a.m. · 10 views

The distribution logic will be broken after calling rageQuit()

Lines of code. Vulnerability details. Impact: Malicious users might receive more distributed funds than they should with higher distributionShare. Proof of Concept: In PartyGovernanceNFT.sol, there is a getDistributionShareOf function to calculate the distribution share of party NFT. function...

6.7 AI score
Exploits: 0
The Hacker News
added 2023/05/29 12:15 p.m. · 2 views

AceCryptor: Cybercriminals' Powerful Weapon, Detected in 240K+ Attacks

A crypter (alternatively spelled cryptor) malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016. Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per...

7.1 AI score
Exploits: 0
The Hacker News
added 2023/05/29 4:58 a.m. · 30 views

PyPI Implements Mandatory Two-Factor Authentication for Project Owners

The Python Package Index (PyPI) announced last week that every account that maintains a project on the official third-party software repository will be required to turn on two-factor authentication (2FA) by the end of the year. "Between now and the end of the year, PyPI will begin gating access to...

7.1 AI score
Exploits: 0
ATTACKERKB
added 2023/05/29 3:15 a.m. · 1 view

CVE-2023-24598

OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user...

4.3 CVSS · 5.9 AI score · 0.00516 EPSS
Exploits: 0 · References: 3
NVD
added 2023/05/29 3:15 a.m. · 9 views

CVE-2023-24598

OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user...

4.3 CVSS · 4.3 AI score · 0.00516 EPSS
Exploits: 0 · References: 2
OSV
added 2023/05/29 3:15 a.m. · 16 views

CVE-2023-24598

OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user...

4.3 CVSS · 6.6 AI score
Exploits: 0 · References: 2
Prion
added 2023/05/29 3:15 a.m. · 15 views

Information disclosure

OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user...

4 CVSS · 4.4 AI score · 0.00516 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2023/05/29 12:0 a.m. · 10 views

CVE-2023-24598

OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user...

6.4 AI score · 0.00516 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2023/05/29 12:0 a.m. · 2 views

PT-2023-19700 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev37 Description: The issue is related to an information leak in the handling of distribution lists. This leak can result in the partial disclosure of private contacts of another user. Recommendations: F...

4.3 CVSS · 6.6 AI score · 0.00516 EPSS
Exploits: 0 · References: 6
CVE
added 2023/05/29 12:0 a.m. · 75 views

CVE-2023-24598

Open-Xchange OX App Suite is affected: versions prior to 7.10.6-rev37 have an information-disclosure vulnerability in the handling of distribution lists, potentially exposing private contacts of other users. The issue is tied to the distribution-list handling in OX App Suite’s backend, with no ex...

4.3 CVSS · 4.3 AI score · 0.00516 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/05/29 12:0 a.m. · 16 views

CVE-2023-24598

OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user...

4.6 AI score · 0.00516 EPSS
Exploits: 0 · References: 2
Debian
added 2023/05/27 7:44 p.m. · 33 views

[SECURITY] [DSA 5412-1] libraw security update

Debian Security Advisory DSA-5412-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 27, 2023 https://www.debian.org/security/faq...

7.8 CVSS · 7.8 AI score · 0.01289 EPSS
Exploits: 2
OSV
added 2023/05/24 6:13 p.m. · 31 views

GO-2023-1772 Memory exhaustion in github.com/distribution/distribution

Systems that run distribution built after a specific commit running on memory-restricted environments can suffer from denial of service by a crafted malicious /v2/catalog API endpoint request...

6.5 CVSS · 6.4 AI score · 0.00938 EPSS
Exploits: 0 · References: 2
The Hacker News
added 2023/05/23 1:56 p.m. · 43 views

North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware

The North Korean advanced persistent threat (APT) group known as Kimsuky has been observed using a piece of custom malware called RandomQuery as part of a reconnaissance and information exfiltration operation. "Lately, Kimsuky has been consistently distributing custom malware as part of...

6.7 AI score
Exploits: 0
OpenVAS
added 2023/05/20 12:0 a.m. · 16 views

Fedora: Security Advisory for cups-filters (FEDORA-2023-6ca587ac4c)

The remote host is missing an update for the...

8.8 CVSS · 8.8 AI score · 0.03697 EPSS
Exploits: 1 · References: 2