Denial of Service (DoS)
Overview: google-protobuf is Google's data interchange format. Affected versions of this package are vulnerable to Denial of Service (DoS) via the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unkno...
Ubuntu Enlightenment Mount Priv Esc
This module exploits a command injection within Enlightenment's enlightenment_sys binary. This is done by calling the mount command and feeding it paths which meet all of the system requirements, but execute a specific path as well due to a semi-colon being used. This module was tested on Ubuntu...
[SECURITY] Fedora 35 Update: libdxfrw-1.1.0-0.1.rc1.fc35
libdxfrw is a free C++ library to read and write DXF files in both formats, ASCII and binary form...
python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS
A flaw was found in Python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are no...
CVE-2022-41419
Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary...
Potential exposure to Microsoft Exchange CVE-2022-41040 / CVE-2022-41082 Exploit
Binary data exchangecve-2022-41040ioc.nbin...
Mattermost Server Detection
Binary data mattermostserverdetect.nbin...
CVE-2022-38222
There is a use-after-free issue in JBIG2Stream::close located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to for example the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact...
Mozilla Thunderbird: Multiple Vulnerabilities
Background: Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description: Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for...
Malicious Package
Overview: binary-bot is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
NETGEAR R7000 Buffer Overflow Vulnerability (CNVD-2022-69163)
The NETGEAR R7000 is a wireless router from NETGEAR. A buffer overflow vulnerability exists in the NETGEAR R7000V1.0.11.13410.2.119 version, which originates from a stack overflow vulnerability due to strncat via the wl binary in the firmware that is susceptible to buffer overflow. An attacker ca...
Apache Tomcat < 8.5.78 Vulnerability
Binary data 701425.pasl...
Apache Tomcat < 9.0.62 Vulnerability
Binary data 701424.pasl...
North Korea's Lazarus Hackers Targeting macOS Users Interested in Crypto Jobs
The infamous Lazarus Group has continued its pattern of leveraging unsolicited job opportunities to deploy malware targeting Apple's macOS operating system. In the latest variant of the campaign observed by cybersecurity company SentinelOne last week, decoy documents advertising positions for the...
Google Chrome < 106.0.5249.61 Multiple Vulnerabilities
Binary data 701423.pasl...
SUSE: Security Advisory (SUSE-SU-2022:3401-1)
The remote host is missing an update for the...
CVE-2022-39245 Mist vulnerable to user providing a Sudo binary for authentication checks
Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided sudo binary via the PATH variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known...
SharpNamedPipePTH - Pass The Hash To A Named Pipe For Token Impersonation
This project is a C# tool to use Pass-the-Hash for authentication on a local Named Pipe for user Impersonation. You need a local administrator or SEImpersonate rights to use this. There is a blog post for explanation: https://s3cur3th1ssh1t.github.io/Named-Pipe-PTH/ It is heavily based on the code...
CrowdStrike Falcon Sensor Installed (Linux)
Binary data crowdstrikefalconsensornixinstalled.nbin...