CVE-2022-44640

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center KDC...

CVE-2022-44640

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center KDC...

CVE-2022-44640

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center KDC...

W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names

Threat actors have published yet another round of malicious packages to Python Package Index PyPI with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade...

Fedora 36 : golang-github-distribution-3 (2022-13ad572b5a)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-13ad572b5a advisory. Update to 3.0.0 pre1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

Fedora 35 : golang-github-distribution-3 (2022-739c7a0058)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-739c7a0058 advisory. Update to 3.0.0 pre1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

Microsoft research uncovers new Zerobot capabilities

Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things IoT devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continue to grow...

io.fabric8:fabric8-maven-plugin (=1.2.0.redhat-133), it.uniroma2.art.maple:maple-karaf-distribution (>=0.0.3 <=0.0.5) +2 more potentially affected by CVE-2022-40145 via org.apache.karaf:apache-karaf (>=4.4.1 <=4.4.11)

org.apache.karaf:apache-karaf MAVEN version =4.4.1, =0.0.3, =0.0.5 - org.apache.camel.karaf:camel-test-karaf =3.19.0 - org.apache.karaf.demos:web =4.1.7 Source cves: CVE-2022-40145 Source advisory: OSV:GHSA-C2P4-8MVV-RWMV...

Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems

The Raspberry Robin worm has been used in attacks against telecommunications and government office systems across Latin America, Australia, and Europe since at least September 2022. "The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake...

[SECURITY] [DSA 5304-1] xorg-server security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5304-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2022 https://www.debian.org/security/faq -...

Kali Linux 2022.4 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2022.4. This release has various impressive updates. A summary of the changelog since August’s 2022.3 release: Microsoft Azure - We are back on the Microsoft Azure store More Platforms - Generic Cloud, QEMU VM image & Vagrant libvirt Social...

Raffle is fair only if tokenRange is a power of 2.

Lines of code Vulnerability details Impact Based on the contract logic, the raffle works by sampling a value $ x \in \mathbbZ | 0 \leq x \lt 2^256 $ aka uint256 from a uniform distribution provided by Chainlink VRF, then applying modulo tokenRange, generating a new value $ y \in \mathbbZ | 0 \leq...

GovNFT contract's owner can stop Governance NFT holders from receiving more rewards from trades' DAO fees, and such reward amounts can remain in Trading contract without belonging to anyone

Lines of code Vulnerability details Impact According to , "Profits from trading fees are paid out to Governance NFT holders in real-time...Rewards are paid out in Tigris stablecoins." However, for some legitimate reasons, such as if the corresponding Tigris stablecoin has a bug, or if the owner o...

Unreleased locks cause the reward distribution to be flawed in BondNFT

Lines of code Vulnerability details Impact After a lock has expired, it doesn't get any rewards distributed to it. But, unreleased locks cause other existing bonds to not receive the full amount of tokens either. The issue is that as long as the bond is not released, the totalShares value isn't...

Spoiler Alert: Your Favorite Content Might Not Be Secure

Securing intellectual property in the age of consolidation Rapid7, of course, is not in the entertainment industry. However, we have worked with some clients out there in that golden land of dreams and enchantment—also known as Hollywood. Case in point: the company formerly known as Discovery, In...

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Hardcoded Credentials

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x sound4server Hardcoded Credentials Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1.16...

firefox security update

102.6.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 102.6.0-1 - Update to 102.6.0 build1 102.5.0-2 - Added libwebrtc screencast patch for newer features...

csaf_distribution 跨站脚本漏洞

csafdistribution is csaf-poc open source set of csaf tools. csafdistribution csafprovider versions prior to 0.8.2 has a security vulnerability , the vulnerability stems from its allows an attacker to achieve cross-site scripting through a well-crafted CSAF document uploaded as text/html...

Veeam Backup & Replication Remote Code Execution Vulnerability

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...

Veeam Backup & Replication Remote Code Execution Vulnerability

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...