MAL-2023-16 Malicious code in 3a-look (npm)
Source: checkmarx (9a61325b2b1ed4acb6eb7991d48682f56a090fbf84663645a94f4d8415e5b00b). Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
MAL-2023-1548 Malicious code in algo-svnspawn (npm)
Source: checkmarx (1f38cb133dc99fe379a4d9e67ccd87a9a7ae7fe640b8287b926c41b8a594d45d). Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
Security Bulletin: OpenSSL security vulnerability CVE-2021-3449 and CVE-2021-3450 in IBM Safer Payments versions of 6.1 and 6.2 below 6.1.0.08 and 6.2.1.03
Summary CVE-2021-3449: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signature_algorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server t...
SUSE SLES12 Security Update : openssl (SUSE-SU-2023:1738-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1738-1 advisory. - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that includ...
SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2023:1737-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1737-1 advisory. - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains...
Hacks at Pwn2Own Vancouver 2023
An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver: On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model ...
FreeBSD : OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints (1ba034fb-ca38-11ed-b242-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 1ba034fb-ca38-11ed-b242-d4c9ef517024 advisory. - A security vulnerability has been identified in all supported versions of OpenSSL related to the...
SUSE CVE-2023-0464
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
Emotet resumes spam operations, switches to OneNote
Emotet resumed spamming operations on March 7, 2023, after a months-long hiatus. Initially leveraging heavily padded Microsoft Word documents to attempt to evade sandbox analysis and endpoint protection, the botnets switched to distributing malicious OneNote documents on March 16. Since returning...
AZL-31141 CVE-2023-0464 affecting package edk2 for versions less than 20230301gitf80f052277c8-34
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
AZL-37680 CVE-2023-0464 affecting package hvloader for versions less than 1.0.1-3
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
ALPINE-CVE-2023-0464
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
Design/Logic Flaw
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
UBUNTU-CVE-2023-0464
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
OpenSSL 1.0.2 < 1.0.2zh Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2zh. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2zh advisory. - Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact...
OpenSSL 3.0.0 < 3.0.9 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.0.9. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.9 advisory. - The function X509_VERIFY_PARAM_add0_policy is documented to implicitly enable the certificate policy check when doing certificate...
CVE-2023-28115 Snappy vulnerable to PHAR deserialization, allowing remote code execution
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_exists function. If an attacker can upload files of any...