415 matches found
AZL-33892 CVE-2023-49568 affecting package packer for versions less than 1.9.5-3
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using on...
AZL-32225 CVE-2023-48795 affecting package packer for versions less than 1.9.5-3
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
AZL-35099 CVE-2023-48795 affecting package packer for versions less than 1.9.5-1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
Fedora: Security Advisory for perl-PAR-Packer (FEDORA-2023-9ef8a60a05)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] Fedora 38 Update: perl-PAR-Packer-1.057-4.fc38
This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...
Fedora 38 : perl / perl-Devel-Cover / perl-PAR-Packer / polymake (2023-9ef8a60a05)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-9ef8a60a05 advisory. Security fix for CVE-2023-47038 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
[SECURITY] Fedora 39 Update: perl-PAR-Packer-1.059-2.fc39
This module implements the App::Packer::Backend interface, for generating stand-alone executables, perl scripts and PAR files...
Fedora: Security Advisory for perl-PAR-Packer (FEDORA-2023-c67f4dbf13)
The remote host is missing an update for the...
Unveiling the Deceptive Dance: Phobos Ransomware Masquerading As VX-Underground
During a recent hunt, Qualys Threat Research has come across a ransomware family known as Phobos, impersonating VX-Underground. Phobos ransomware has been knocking on our door since early 2019 and is often seen being distributed via stolen Remote Desktop Protocol (RDP) connections. Strongly believe...
CVE-2023-44487 affecting package packer for versions less than 1.8.1-14
CVE-2023-44487 affecting package packer for versions less than 1.8.1-14. A patched version of the package is available...
AZL-33330 CVE-2023-39325 affecting package packer for versions less than 1.8.7-2
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-31340 CVE-2023-44487 affecting package packer for versions less than 1.8.1-14
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-35097 CVE-2023-44487 affecting package packer for versions less than 1.8.1-14
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
Analysis and Config Extraction of Lu0Bot, a Node.js Malware with Considerable Capabilities
Nowadays, more malware developers are using unconventional programming languages to bypass advanced detection systems. The Node.js malware Lu0Bot is a testament to this trend. By targeting a platform-agnostic runtime environment common in modern web apps and employing multi-layer obfuscation,...
AZL-33331 CVE-2023-3978 affecting package packer for versions less than 1.9.5-3
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...
Debian: Security Advisory (DLA-3455-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3455-1] golang-go.crypto security update
Debian LTS Advisory DLA-3455-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 16, 2023 https://wiki.debian.org/LTS Package : golang-go.crypto Version : 1:0.0git20181203.505ab14-1+deb10u1 CVE ID : CVE-2019-11840 CVE-2019-11841 CVE-2020-9283 Debian Bug : 95246...
SUSE CVE-2021-43312
A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239...
SUSE CVE-2021-43317
A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32. The problem is essentially caused in PackLinuxElf64::elf_lookup at p_lx_elf.cpp:5404...
PT-2023-12431 · Upx +1
Name of the Vulnerable Software and Affected Versions: upx (affected versions not specified). Description: A heap-based buffer overflow was discovered in upx. The issue occurs when the generic pointer p points to an inaccessible address in the get_le32 function. This problem is essentially caused in...