RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts
The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leak...
ALPINE-CVE-2023-25652
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...
UBUNTU-CVE-2023-25652
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to git apply --reject, a path outside the working tree can be overwritten with partially controlled contents...
PT-2023-18378 · Sourcecodester · Sourcecodester Task Reminder System
Name of the Vulnerable Software and Affected Versions: SourceCodester Task Reminder System version 1.0 Description: A critical issue was found in the system, affecting the file /admin/reminders/manage reminder.php. The manipulation of the id argument leads to SQL injection. It is possible to...
PT-2023-17292
Name of the Vulnerable Software and Affected Versions Eskom Water Metering Software versions prior to 23.04.06 Description The issue is related to an SQL Injection vulnerability, which allows for Command Line Execution through SQL Injection. This is due to the improper neutralization of special...
PT-2023-17435 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: novel-plus version 3.6.2 Description: A critical issue affects the processing of the file "/author/list?limit=10&offset=0&order=desc". The manipulation of the sort argument leads to SQL injection. This issue can be exploited remotely...
DUALSPACE security vulnerability
DUALSPACE is an application dual-opening tool for the Android platform. A security vulnerability exists in DUALSPACE version 1.1.3, which originated from allowing a local attacker to gain privileges via the keyadnewuseravoidtime field...
CVE-2023-1842
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
CVE-2023-27192
An issue found in DUALSPACE Super Security v.2.3.7 allows an attacker to cause a denial of service via the keywifisafenetcheckurl, KEYCirusscanwhitelist and KEYADNEWUSERAVOIDTIME parameters...
Design/Logic Flaw
An issue found in DUALSPACE Super Security v.2.3.7 allows an attacker to cause a denial of service via the keywifisafenetcheckurl, KEYCirusscanwhitelist and KEYADNEWUSERAVOIDTIME parameters...
Malicious Package
Overview fancode-fc-tools is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Malicious Package
Overview @miro-site/features-standard-header is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerab...
Malicious Package
Overview gina is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was installe...
Malicious Package
Overview iris-node-common is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Malicious Package
Overview react-sports is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview xdefi-distribution is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
UBUNTU-CVE-2023-28625
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...
SUSE CVE-2023-28643
Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name, while a memory cache is configured, the second share will replace the first one instead of being renamed to name 2. It is recommended that the Nextcloud Server...
DEBIAN-CVE-2023-28642
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked /proc...
Malicious Package
Overview cirrus-matchmaker is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...