5315 matches found
SUSE CVE-2021-42574
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...
SA40107 - Response to Juniper ScreenOS security advisory JSA10713 (CVE-2015-7755 and CVE-2015-7756)
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Juniper announced a security advisory for their Netscreen Firewall ScreenOS product portfolio. The Juniper ScreenOS advisory can be found here: JSA10713 Related Links JSA10713...
Out-of-bounds
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e...
CVE-2023-0795
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e...
CVE-2023-0800
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127...
CVE-2023-0796
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e...
New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
After the U.S. Cybersecurity and Infrastructure Security Agency CISA released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a syste...
Reddit Suffers Security Breach Exposing Internal Documents and Source Code
Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a "sophisticated and...
EulerOS 2.0 SP10 : emacs (EulerOS-SA-2023-1382)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c us...
GHSA-29XX-HCV2-C4CP openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions
An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2iPKCS7, d2iPKCS7bio or d2iPKCS7fp functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in...
Malicious code in digital-staticsite (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7cf28f9b3aee1deb96e037e6f68421b07112de0026dc8406174bfc2f416ccd3e Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-745 Malicious code in reporter-app-dist (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 916108fdfabf947f1521341be09140cd10809b0529e3bce843731f7785bfb702 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-8028 Malicious code in kaluza-careers (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7fc6bb8e84e2499d431b69a1efe08fbdc626b2801e898180833dde64c951c39e Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
MAL-2023-251 Malicious code in digital-staticsite (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7cf28f9b3aee1deb96e037e6f68421b07112de0026dc8406174bfc2f416ccd3e Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
Malicious code in reporter-app-dist (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 916108fdfabf947f1521341be09140cd10809b0529e3bce843731f7785bfb702 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
Malicious code in kaluza-careers (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7fc6bb8e84e2499d431b69a1efe08fbdc626b2801e898180833dde64c951c39e Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in test-npm-com-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx eb86ecfecc56220476e3c33bd4f86f95c17be6c7a9a7a3cdc9ca822205076380 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ossf-package-analysis...
MAL-2023-8038 Malicious code in test-npm-com-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx eb86ecfecc56220476e3c33bd4f86f95c17be6c7a9a7a3cdc9ca822205076380 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ossf-package-analysis...
Important: emacs
Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggest...
MAL-2023-757 Malicious code in samuelpoctester (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 1f7b2e15c0c93b4a5ee61dc9bede38e31e95af4885247c9d4c30d4846d2d67ed Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...