
4441 matches found

The Hacker News
added 2022/12/07 2:34 p.m., 36 views

Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022

The Vice Society cybercrime group has disproportionately targeted educational institutions, accounting for 33 victims in 2022 and surpassing other ransomware families like LockBit, BlackCat, BianLian, and Hive. Other prominent industry verticals targeted include healthcare, governments,...

1.3 AI score
Exploits 0

Microsoft Secure
added 2022/12/06 5:0 p.m., 25 views

DEV-0139 launches targeted attacks against the cryptocurrency industry

Over the past several years, the cryptocurrency market has considerably expanded, gaining the interest of investors and threat actors. Cryptocurrency itself has been used by cybercriminals for their operations, notably for ransom payment in ransomware attacks, but we have also observed threat...

7.3 AI score
Exploits 0

vulnersOsv
added 2022/12/05 1:57 p.m., 2 views

node-sass-with-bindings (>=4.5.5 <=4.5.6) potentially affected by CVE-2022-25895 via lite-dev-server (=3.2.7)

lite-dev-server NPM version =3.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on lite-dev-server and may be impacted: - node-sass-with-bindings =4.5.5, =4.5.6 Source cves: CVE-2022-25895 Source advisory: SNYK:JS-LITEDEVSERVER-3153718...

7.5 CVSS, 7.1 AI score, 0.01448 EPSS
Exploits 1

OpenVAS
added 2022/12/02 12:0 a.m., 20 views

Debian: Security Advisory (DSA-5292-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS, 7 AI score, 0.00059 EPSS
Exploits 2, References 4

Veracode
added 2022/12/01 2:42 p.m., 9 views

Directory Traversal

static-dev-server is vulnerable to directory traversal. The vulnerability is due when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory which allows an attacker to gain access to the restricted file directories and perfo...

7.5 CVSS, 7.4 AI score, 0.00469 EPSS
Exploits 1, References 2, Affected Software 1

The Hacker News
added 2022/12/01 11:44 a.m., 59 views

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any...

9.8 CVSS, 1.3 AI score, 0.029 EPSS
Exploits 0

CNVD
added 2022/12/01 12:0 a.m., 14 views

static-dev-server directory traversal vulnerability

static-dev-server is a simple http server for serving static resource files from a local directory and automatically reloading them when they change. A directory traversal vulnerability exists in all versions of npm static-dev-server, which stems from a lack of validity checking of paths when...

7.5 CVSS, 7.4 AI score, 0.00469 EPSS
Exploits 1, References 1

Veracode
added 2022/11/30 4:15 a.m., 34 views

Remote Code Execution (RCE)

quarkus-vertx-http is vulnerable to remote code execution. The vulnerability exists in multiple functions due to drive-by localhost attacks which allows an attacker to inject and execute malicious query parameters via the Dev UI Config Editor...

9.8 CVSS, 9.5 AI score, 0.029 EPSS
Exploits 0, References 7, Affected Software 2

Tenable Nessus
added 2022/11/30 12:0 a.m., 33 views

Ubuntu 16.04 ESM : pixman vulnerability (USN-5718-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5718-2 advisory. USN-5718-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has extracted the...

8.8 CVSS, 7.5 AI score, 0.00369 EPSS
Exploits 1, References 2

OSV
added 2022/11/29 6:30 p.m., 12 views

GHSA-7FXM-C848-89Q8 static-dev-server vulnerable to path traversal

A path traversal vulnerability affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory. There is currently no known workaround or fix for this issue...

7.5 CVSS, 7.5 AI score, 0.00469 EPSS
Exploits 1, References 4

NVD
added 2022/11/29 5:15 p.m., 8 views

CVE-2022-25848

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

7.5 CVSS, 0.00469 EPSS
Exploits 1, References 2

OSV
added 2022/11/29 5:15 p.m., 2 views

CVE-2022-25848

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

7.5 CVSS, 5.8 AI score
Exploits 0, References 2

Prion
added 2022/11/29 5:15 p.m., 8 views

Directory traversal

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

5 CVSS, 7.5 AI score, 0.00469 EPSS
Exploits 1, References 2, Affected Software 1

Vulnrichment
added 2022/11/29 4:50 p.m., 5 views

CVE-2022-25848 Directory Traversal

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

7.5 CVSS, 6.8 AI score, 0.00469 EPSS
Exploits 1, References 2

Cvelist
added 2022/11/29 4:50 p.m., 13 views

CVE-2022-25848 Directory Traversal

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

7.5 CVSS, 7.7 AI score, 0.00469 EPSS
Exploits 1, References 2

CVE
added 2022/11/29 4:50 p.m., 51 views

CVE-2022-25848

CVE-2022-25848 affects all versions of the npm package static-dev-server. The root cause is a directory traversal vulnerability caused by how paths from users to the root directory are joined, causing assets to be resolved relative to the root. This can enable access to arbitrary files on the und...

7.5 CVSS, 7.5 AI score, 0.00469 EPSS
Exploits 1, References 2, Affected Software 1

Vulnrichment
added 2022/11/29 12:0 a.m., 5 views

CVE-2022-45204

GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimCboxread at isomedia/boxcode3gpp.c...

5.8 AI score, 0.00137 EPSS
Exploits 1, References 1

CNNVD
added 2022/11/29 12:0 a.m., 1 views

static-dev-server path traversal vulnerability

static-dev-server is a simple http server for serving static resource files from a local directory and automatically reloading them when they change. A directory traversal vulnerability exists in all versions of npm static-dev-server, which stems from a lack of validity checking of paths when...

7.5 CVSS, 6.7 AI score, 0.00469 EPSS
Exploits 1, References 3

Vulnrichment
added 2022/11/29 12:0 a.m., 5 views

CVE-2022-4202 GPAC lsr_dec.c lsr_translate_coords integer overflow

A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsrtranslatecoords of the file laser/lsrdec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclose...

6.3 CVSS, 6.7 AI score, 0.00605 EPSS
Exploits 1, References 5

Positive Technologies
added 2022/11/29 12:0 a.m., 2 views

PT-2022-17565 · Unknown · Static-Dev-Server

Name of the Vulnerable Software and Affected Versions: static-dev-server versions all Description: A path traversal issue affects the package. This occurs because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

7.5 CVSS, 6.9 AI score, 0.00469 EPSS
Exploits 1, References 8