943 matches found
CVE-2023-3610
A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFTMSGNEWRULE. The vulnerability requires CAPNETADMIN to be triggered...
The Unrelenting Nature of TOITOIN Malware
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The TOITOIN malware campaign, targeting businesses in the LATAM region, employs sophisticated techniques and multi-stage infection chains with numerous malware samples disguised as compressed ZIP archive...
Sensitive Data Exposure
Decidim and Decidim-meetings is vulnerable to Sensitive Data Exposure. The vulnerability is due to using a third party library Ransack which allows filtering data on all attributes and associations. This allows an attacker to exfiltrate non-public data from underlying database by traversing...
MAL-2023-1550 Malicious code in btc-api-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx f59f6e40fe31bd4d5d4aa5da8bc0d032e2bbff9166104dc707c2987f953a5d93 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-1558 Malicious code in kraken-prices (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4a67a11785828e7b3f7489127f8e07868a2e871b01726d0ddd2142345f94bb96 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
Malicious code in kucoin-prices (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx d89308a1cad90c22ac679c64ba69b184cebb0082f7d26962c26916f94b14fe1a Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-1559 Malicious code in kucoin-prices (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx d89308a1cad90c22ac679c64ba69b184cebb0082f7d26962c26916f94b14fe1a Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-314 Malicious code in eth-api-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx ae0229b0b9b6f52ad99cbadf592c4cd4a35c6b90764717a8d37ce843df055398 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
Vulnerable to MEV exploitation due to lack of slippage protection
Lines of code Vulnerability details Proof of Concept Function to decrease and increase liquidity are passing amount0Min and amount1Min as zero. This will result in MEV bots sandwiching transactions to extract value from it. In the worst case it will actually return zero or a very small value in...
MAL-2023-1549 Malicious code in binance-price (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 421081a4101ed61796fd72e7dec62cafa098a1d01934298a2ef82ef7187c4934 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-1551 Malicious code in coingecko-price (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 06ba52961b5d886349fdb5a7c3e6362cedaaa64cb5857d5645d7360a68d133d1 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-973 Malicious code in xml-fast-decoder (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3f72595dbe55afb8789d70686d9dfc77d102733a2090e76b1063b8a75dedd697 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-539 Malicious code in js-cookie-parser (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4db21916d97f75d76cd031171b76c9c5a2223cd3549d141bde479c6babb0569c Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
keycloak: oauth client impersonation
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to...
Apache Druid JNDI Injection Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Druid JNDI Injection RCE', 'Description' = %q This module is designed to exploit the JNDI injection vulnerability in Druid. The...
MAL-2023-782 Malicious code in snykaudit-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx bf00b336843da7a0cbe2b1557c0e5ddbe537d24eeff2270aae345803fc3efe83 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-209 Malicious code in couchcache-audit (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8f29bc9b9299e2320b971e1a84be244017e82f839d86bacd6894182b8699c411 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
openssl: Denial of service by excessive resource usage in verifying X509 policy constraints
A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
Malicious code in sync-http-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 666c54b1098d52ea02eebf562d8cf02c1a736ee608eb15029543afd5181e4094 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-107 Malicious code in assets-graph (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx e513e7556846ca62fa4d27646eef928d55f2c2954ce9caa51dd63643e2adf445 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...