8230 matches found
Fedora: Security Advisory for autotrace (FEDORA-2022-6813a0eb99)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: autotrace-0.31.9-1.fc36
AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...
WordPress Core Cross Site Scripting / SQL Injection
Description: SQL Injection via Links LIMIT clause Affected Versions: WordPress Core 6.0.2 Researcher: FVD CVE ID: Pending CVSS Score: 8.0 High CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Fully Patched Version: 6.0.2 The WordPress Link functionality, previously known as “Bookmarks”, i...
Red Hat Keycloak Security Vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. Red Hat Keycloak suffers from a security vulnerability that originates from an attacker being able to register with a username that is the same...
CVE-2022-37161
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload...
Claroline Cross-Site Scripting Vulnerability
Claroline is an open source learning management system from Claroline Open Source. A security vulnerability exists in Claroline version 13.5.7 and earlier versions, which stems from a cross-site scripting (XSS) attack via SVG file uploads...
PT-2022-23849 · Claroline · Claroline
Name of the Vulnerable Software and Affected Versions: Claroline versions prior to 13.5.8 Description: The issue is related to Cross Site Scripting (XSS) via SVG file upload. This means an attacker could potentially inject malicious scripts into the system by uploading specially crafted SVG files...
Demystifying Qbot Malware
Demystifying Qbot Malware By Adithya Chandra · August 24, 2022 This blog was also written by Sushant Kumar Arya Executive summary The Trellix SecOps Team has observed an uptick in the Qbot malware infections in recent months. Qbot has been an active threat for over 14 years and continues to evolv...
CVE-2022-34648
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress...
WordPress plugin Uploading SVG, WEBP and ICO files Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a flaw found in the Linux kernel memory deduplication mechanism, which can be exploited by an attacker to attack memory deduplication v...
Malicious code in react-nati0e-vecor-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e0e350c78d225cd75ed5e2ca0291e0d192e6892797c1a7a61c762bfcb2fe39e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5655 Malicious code in react-nati0e-vecor-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e0e350c78d225cd75ed5e2ca0291e0d192e6892797c1a7a61c762bfcb2fe39e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AsyncRAT C2 Framework: Overview, Technical Analysis & Detection
In this blog we describe the AsyncRAT C2 (command & control) Framework, which allows attackers to remotely monitor and control other computers over a secure encrypted link. We provide an overview of this threat, a technical analysis, and a method of detecting the malware using Qualys Multi-Vector...
CVE-2022-36153
tifig v0.2.2 was discovered to contain a segmentation violation via std::vector::size() const at /bits/stl_vector.h...
CVE-2022-35481
OTFCC v0.10.4 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S...
Code injection
tifig v0.2.2 was discovered to contain a segmentation violation via std::vector::size() const at /bits/stl_vector.h...
CVE-2022-36153
CVE-2022-36153 affects tifig v0.2.2, where a segmentation violation can occur through the use of std::vector::size() in /bits/stl_vector.h. The issue is documented across multiple sources (NVD entry and Red Hat/OSV/CVE lists) consistently describing a memory/segmentation fault in tifig 0.2.2. The...