Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes function is used. An attacker can craft a special WebP lossless file that triggers the ReadHuffmanCodes function to allocate the HuffmanCode buffer with a size that comes from an arra...

The vulnerability of the CreateSerializerSettings() function in the JSON Serializer component allows a hacker to trigger a service failure. This vulnerability is related to the C# language protocol implemented by the language server.

The vulnerability of the CreateSerializerSettings function in the JSON Serializer component is related to the implementation of the C language server protocol. This vulnerability leads to an uncontrolled resource consumption. Exploiting this vulnerability allows a malicious actor to cause service...

Friday Squid Blogging: Light-Emitting Squid

Its a Taningia danae: Their arms are lined with two rows of sharp retractable hooks. And, like most deep-sea squid, they are adorned with light organs called photophores. They have some on the underside of their mantle. There are more facing upward, near one of their eyes. But it’s the photophore...

Former Ubiquiti Employee Gets 6 Years in Jail for $2 Million Crypto Extortion Case

A former employee of Ubiquiti has been sentenced to six years in jail after he pleaded guilty to posing as an anonymous hacker and a whistleblower in an attempt to extort almost $2 million worth of cryptocurrency while working at the company. Nickolas Sharp, 37, was arrested in December 2021 for...

PT-2023-23274 · Unknown · Startsharp +1

Name of the Vulnerable Software and Affected Versions: Serenity Serene versions prior to 6.7.0 StartSharp versions prior to 6.7.0 Description: An issue was discovered where password reset links sent by email contain a token that remains valid even after the password reset, allowing it to be used...

10secondsofcode-custom (=1.0.0), 1kohei1 (>=1.0.0 <=1.0.1) +944 more potentially affected by CVE-2023-30548 via gatsby-plugin-sharp (>=1.6.41 <=4.25.0)

gatsby-plugin-sharp NPM version =1.6.41, =1.0.0, =1.0.1, =1.0.0, =0.1.13, =0.48.0, =1.0.0, =1.0.0, =1.0.10, =3.0.0, =4.7.5 - @adobe/gatsby-theme-commerce =0.0.2 and more Source cves: CVE-2023-30548 Source advisory: OSV:GHSA-H2PM-378C-PCXX...

@ableaura/ableui (=0.1.0), @accodeing/gatsby-theme-heimr (>=0.65.0 <=0.65.1) +873 more potentially affected by CVE-2023-30548 via gatsby-plugin-sharp (>=5.0.0 <=5.6.0)

gatsby-plugin-sharp NPM version =5.0.0, =0.65.0, =5.0.0-rc1, =2018.4.29-10, =3.0.0, =1.0.0, =1.0.13, =2.1.0, =2.0.0, =1.5.0, =3.0.0, =3.0.0, =1.0.42, =1.0.5, =0.3.0, =0.3.27-beta.0 and more Source cves: CVE-2023-30548 Source advisory: OSV:GHSA-H2PM-378C-PCXX...

GHSA-H2PM-378C-PCXX Path traversal vulnerability in gatsby-plugin-sharp

Impact The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. The following steps can be used to reproduce the vulnerability: Create a new Gatsby project, and install...

Path traversal vulnerability in gatsby-plugin-sharp

Impact The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. The following steps can be used to reproduce the vulnerability: Create a new Gatsby project, and install...

CVE-2023-30548

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

Path traversal

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

CVE-2023-30548

The CVE-2023-30548 issue affects gatsby-plugin-sharp prior to versions 5.8.1 and 4.25.1, introducing a path traversal vulnerability when running the Gatsby develop server. By default, develop is bound to localhost, but if exposed (e.g., via --host 0.0.0.0, -H 0.0.0.0, or GATSBY_HOST=0.0.0.0), an ...

CVE-2023-30548 Path traversal vulnerability in gatsby-plugin-sharp

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

CVE-2023-30548 Path traversal vulnerability in gatsby-plugin-sharp

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

CVE-2023-30548 Path traversal vulnerability in gatsby-plugin-sharp

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. It...

PT-2023-22774 · Gatsby · Gatsby-Plugin-Sharp

Name of the Vulnerable Software and Affected Versions: gatsby-plugin-sharp versions prior to 5.8.1 and 4.25.1 Description: The gatsby-plugin-sharp plugin contains a path traversal vulnerability exposed when running the Gatsby develop server gatsby develop. By default, gatsby develop is only...

Motorola SmartPTT SCADA 安全漏洞

Motorola SmartPTT SCADA is an integrated voice and data scheduling software application from Motorola USA. A security vulnerability exists in Motorola SmartPTT SCADA version 1.1.0.0. An attacker could exploit the vulnerability by writing a malicious C script and executing code on the server...

Actors, Threats and Vulnerabilities 6 March to 12 March 2023

For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here Last week, HiveForce Labs discovered three threat actors. One of them is a Russian group called TA499, which has a history of conducting different cyberattacks such as...

Sharp Panda A Sophisticated Cyber-Espionage Campaign Targeting Governments

Threat Level Actor Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The Sharp Panda cyber-espionage campaign, which has been active for a considerable period, focuses on infiltrating government entities in Southeast Asia. This operatio...

Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments

High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the...