4443 matches found

The Hacker News
added 2023/05/24 10:33 a.m. · 39 views

Data Stealing Malware Discovered in Popular Android Screen Recorder App

Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app APK package name "com.tsoft.app.iscreenrecorder", which accrued...

AI score: 6.9
Exploits: 0

ATTACKERKB
added 2023/05/23 5:15 a.m. · 1 view

CVE-2023-2845

Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0...

CVSS: 8.8 · AI score: 7.2 · EPSS: 0.00253
Exploits: 1 · References: 3

CVE
added 2023/05/23 12:0 a.m. · 53 views

CVE-2023-2845

CVE-2023-2845 targets the GitHub repository cloudexplorer-dev/cloudexplorer-lite and affects versions prior to v1.1.0. The root cause is improper access control, which can allow unauthorized actions within the application (as noted by multiple sources). All sources consistently cite an access-con...

CVSS: 8.8 · AI score: 8.2 · EPSS: 0.00253
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2023/05/23 12:0 a.m. · 71 views

CVE-2023-2844

CVE-2023-2844 affects cloudexplorer-lite prior to v1.1.0. The issue is an authorization bypass via a user-controlled key caused by missing authorization checks in the GitHub repository cloudexplorer-dev/cloudexplorer-lite. A PoC in Huntr shows an IDOR-style bypass where a user can impersonate ano...

CVSS: 7.2 · AI score: 5.4 · EPSS: 0.0024
Exploits: 1 · References: 2 · Affected Software: 1

RedHat Linux
added 2023/05/16 8:56 a.m. · 0 views

kernel: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()

In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register(). If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give up the reference, or the name allocated in dev_set_name() is leaked...

CVSS: 5.5 · AI score: 6.6 · EPSS: 0.00014
Exploits: 0 · References: 5

BDU FSTEC
added 2023/05/15 12:0 a.m. · 2 views

The vulnerability of the `composite_dev_prepare()` function in the `drivers/usb/gadget/function/f_accessory.c` file of the USBFS file system driver for the Android operating system’s kernel allows a hacker to escalate their privileges.

The vulnerability of the `composite_dev_prepare()` function in the `drivers/usb/gadget/function/f_accessory.c` file of the USBFS file system driver for the Android operating system’s kernel is related to the lack of checks on buffer size. Exploiting this vulnerability could allow an attacker to increase...

CVSS: 7.2 · AI score: 6.8 · EPSS: 0.00036
Exploits: 0 · References: 5

Tenable Nessus
added 2023/05/13 12:0 a.m. · 32 views

RHEL 8 : Red Hat Single Sign-On 7.6.3 security update on RHEL 8 (Moderate) (RHSA-2023:2706)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2706 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

CVSS: 7.5 · AI score: 7 · EPSS: 0.01387
Exploits: 2 · References: 17

Tenable Nessus
added 2023/05/13 12:0 a.m. · 85 views

RHEL 9 : Red Hat Single Sign-On 7.6.3 security update on RHEL 9 (Moderate) (RHSA-2023:2707)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2707 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

CVSS: 7.5 · AI score: 7 · EPSS: 0.01387
Exploits: 2 · References: 17

Tenable Nessus
added 2023/05/13 12:0 a.m. · 42 views

RHEL 7 : Red Hat Single Sign-On 7.6.3 security update on RHEL 7 (Moderate) (RHSA-2023:2705)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2705 advisory. Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

CVSS: 7.5 · AI score: 7 · EPSS: 0.01387
Exploits: 2 · References: 17

RedHat Linux
added 2023/05/10 11:25 a.m. · 39 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 9

New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.01387
Exploits: 2 · References: 8

RedHat Linux
added 2023/05/09 10:4 a.m. · 0 views

kernel: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()

In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register(). If device_register() fails in snd_ac97_dev_register(), it should call put_device() to give up the reference, or the name allocated in dev_set_name() is leaked...

CVSS: 5.5 · AI score: 6.6 · EPSS: 0.00014
Exploits: 0 · References: 5

RedHat Linux
added 2023/05/09 10:4 a.m. · 0 views

kernel: KVM: Unconditionally get a ref to /dev/kvm module when creating a VM

REJECTED CVE In the Linux kernel, the following vulnerability has been resolved: KVM: Unconditionally get a ref to /dev/kvm module when creating a VM...

AI score: 6.3
Exploits: 0 · References: 5

OSV
added 2023/05/04 8:15 p.m. · 2 views

CVE-2023-31284

illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net...

CVSS: 7.8 · AI score: 7.3 · EPSS: 0.00065
Exploits: 0 · References: 5

NVD
added 2023/05/04 8:15 p.m. · 7 views

CVE-2023-31284

illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net...

CVSS: 7.8 · AI score: 8.1 · EPSS: 0.00065
Exploits: 0 · References: 5

Prion
added 2023/05/04 8:15 p.m. · 14 views

Stack overflow

illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net...

CVSS: 4.3 · AI score: 8 · EPSS: 0.00065
Exploits: 0 · References: 5 · Affected Software: 1

Cvelist
added 2023/05/04 12:0 a.m. · 10 views

CVE-2023-31284

illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net...

AI score: 8.4 · EPSS: 0.00065
Exploits: 0 · References: 5

Vulnrichment
added 2023/05/04 12:0 a.m. · 9 views

CVE-2023-31284

illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net...

AI score: 8 · EPSS: 0.00065
Exploits: 0 · References: 5

Positive Technologies
added 2023/05/04 12:0 a.m. · 3 views

PT-2023-23271 · Illumos · Illumos

Name of the Vulnerable Software and Affected Versions: illumos illumos-gate versions before 676abcb Description: The issue is a stack buffer overflow in /dev/net, which can lead to privilege escalation. This can be achieved via a stat on a long file name in /dev/net. Recommendations: For versions...

CVSS: 7.8 · AI score: 9.4 · EPSS: 0.00065
Exploits: 0 · References: 9

OSV
added 2023/05/03 1:34 a.m. · 6 views

MAL-2023-1113 Malicious code in another-dev-dependency3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2abbde4690eaad1109288e153cb368899f235ec85219b2f867f2f11cfad6a078 The OpenSSF Package Analysis project identified 'another-dev-dependency3' @ 3.0.0 npm as malicious. It is considered malicious because: - The...

AI score: 7.1
Exploits: 0

OSSF Malicious Packages
added 2023/05/03 1:34 a.m. · 2 views

Malicious code in another-dev-dependency3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2abbde4690eaad1109288e153cb368899f235ec85219b2f867f2f11cfad6a078 The OpenSSF Package Analysis project identified 'another-dev-dependency3' @ 3.0.0 npm as malicious. It is considered malicious because: - The...

AI score: 6.9
Exploits: 0