Lucene search

31231 matches found

CVE
added 2024/05/27 4:31 p.m., 43 views

CVE-2022-4969

CVE-2022-4969 describes a buffer overflow in the rockhopper Binary Parser’s function count_rows (ragged_array.c). The issue is triggered by manipulating the argument raw and requires local access to exploit. A fix is available in rockhopper v0.2.0, with patch reference 1a15fad5e06ae693eb9b8908363...

5.3 CVSS, 5.4 AI score, 0.00233 EPSS
Exploits 0, References 4
CNNVD
added 2024/05/27 12:0 a.m., 2 views

rockhopper Security Vulnerability

rockhopper is an irregular array class by the bwoodsend personal developer: a 2D NumPy array containing rows of mismatched length. A security vulnerability exists in rockhopper 0.1.2 and earlier versions, which stems from a buffer overflow vulnerability in the file rockhopper/src/ragedarray.c in...

5.3 CVSS, 5.6 AI score, 0.00233 EPSS
Exploits 0, References 5
OpenVAS
added 2024/05/27 12:0 a.m., 6 views

Fedora: Security Advisory for maturin (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0, References 2
Tenable Nessus
added 2024/05/24 12:0 a.m., 7 views

Intel VTune Profiler Installed (Windows)

Binary data intelvtuneprofilerinstalled.nbin...

7.3 AI score
Exploits 0, References 1
Tenable Nessus
added 2024/05/24 12:0 a.m., 5 views

Intel Media SDK Installed (Linux)

Binary data intelmediasdklinuxinstalled.nbin...

7.3 AI score
Exploits 0, References 1
SUSE CVE
added 2024/05/23 3:4 a.m., 3 views

SUSE CVE-2021-47486

In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix potential NULL dereference The bpfjitbinaryfree function requires a non-NULL argument. When the RISC-V BPF JIT fails to converge in NRJITITERATIONS steps, jitdata-header will be NULL, which triggers a NULL...

5.5 CVSS, 6.2 AI score, 0.00677 EPSS
Exploits 0, References 8
OSV
added 2024/05/23 2:15 a.m., 3 views

CVE-2024-4978

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands...

8.4 CVSS, 5.9 AI score, 0.26937 EPSS
Exploits 1, References 4
NVD
added 2024/05/23 2:15 a.m., 20 views

CVE-2024-4978

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands...

8.7 CVSS, 8.4 AI score, 0.26937 EPSS
Exploits 1, References 4
CVE
added 2024/05/23 1:56 a.m., 225 views

CVE-2024-4978

CVE-2024-4978 affects Justice AV Solutions (JAVS) Viewer v8.3.7 installed via the 8.3.7.250-1 bundle. The advisory documents a malicious binary (fffmpeg.exe) embedded in the installer and signed with an unexpected Vanguard Tech Limited Authenticode certificate. When executed, the binary can estab...

8.7 CVSS, 8.3 AI score, 0.26937 EPSS
In wild, Exploits 1, References 4, Affected Software 1
Tenable Nessus
added 2024/05/23 12:0 a.m., 9 views

MantisBT Web Detection

Binary data mantisbtdetect.nbin...

7.3 AI score
Exploits 0, References 1
Trellix
added 2024/05/23 12:0 a.m., 6 views

A Catalog of Hazardous AV Sites – A Tale of Malware Hosting

A Catalog of Hazardous AV Sites – A Tale of Malware Hosting By Trellix · May 23, 2024 This blog was written by Gurumoorthi Ramanathan Executive summary In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake AV sites hosting highly sophisticated malicious files suc...

6.4 AI score
Exploits 0
RedHat Linux
added 2024/05/22 8:40 p.m., 370 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-paramiko) security update

An update for python-paramiko is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.9 CVSS, 7.1 AI score, 0.93305 EPSS
Exploits 4, References 2
RedHat Linux
added 2024/05/22 8:40 p.m., 8 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

5.9 CVSS, 6.7 AI score, 0.93305 EPSS
Exploits 4, References 6
RedHat Linux
added 2024/05/22 9:48 a.m., 3 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

5.9 CVSS, 6.7 AI score, 0.93305 EPSS
Exploits 4, References 6
Veracode
added 2024/05/22 7:45 a.m., 10 views

Remote Code Execution (RCE)

3f/pygmentize is vulnerable to Remote Code Execution. The vulnerability is due to improper shell argument sanitization when passing user input to the PIGMENTS binary, which allows an attacker to cause Remote Code Execution...

7.5 AI score
Exploits 0
Tenable Nessus
added 2024/05/22 12:0 a.m., 13 views

JetBrains TeamCity Server Installed (Windows)

Binary data jetbrainsteamcitywininstalled.nbin...

7.3 AI score
Exploits 0, References 1
0day.today
added 2024/05/22 12:0 a.m., 457 views

CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit

CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The...

8.8 CVSS, 6.2 AI score, 0.80454 EPSS
Exploits 7
Tenable Nessus
added 2024/05/22 12:0 a.m., 51 views

RHEL 8 : Red Hat OpenStack Platform 17.1 (python-paramiko) (RHSA-2024:2768)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2768 advisory. Paramiko, a combination of the esperanto words for paranoid and friend, is a module for python 2.3 or greater that implements the SSH2 protocol for...

5.9 CVSS, 7.2 AI score, 0.93305 EPSS
Exploits 4, References 5
OSV
added 2024/05/21 4:15 p.m., 4 views

UBUNTU-CVE-2023-52781

In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usbgetbosdescriptor' The BOS descriptor defines a root descriptor and is the base descriptor for accessing a family of related descriptors. Function 'usbgetbosdescriptor' encounters an iterati...

5.5 CVSS, 6.1 AI score, 0.00239 EPSS
Exploits 0, References 8
Tenable Nessus
added 2024/05/21 12:0 a.m., 9 views

Fluent Bit Detection

Binary data fluentbitdetect.nbin...

7.3 AI score
Exploits 0, References 1