5458 matches found

OSV
added 2024/01/15 8:15 p.m. | 5 views

AZL-33601 CVE-2024-0565 affecting package kernel for versions less than 5.15.153.1-1

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service...

7.4 CVSS | 6.5 AI score | 0.01999 EPSS
Exploits 0 | References 1

Fedora
added 2024/01/12 1:12 a.m. | 56 views

[SECURITY] Fedora 39 Update: openssh-9.3p1-10.fc39

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

6.5 CVSS | 7.8 AI score | 0.93305 EPSS
Exploits 11

RedhatCVE
added 2024/01/11 6:30 p.m. | 42 views

CVE-2023-20573

A flaw was found in AMD hardware using the Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) feature. This issue may allow a privileged attacker to prevent the delivery of debug exceptions to SEV-SNP guests, potentially resulting in guests not receiving expected debug information...

3.2 CVSS | 3.7 AI score | 0.00289 EPSS
Exploits 0 | References 4

The Hacker News
added 2024/01/11 11:40 a.m. | 23 views

Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic or AMOS, indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its...

6.8 AI score
Exploits 0

RedHat Linux
added 2024/01/10 6:38 p.m. | 4 views

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS)

A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attacker can perform an AiTM (adversary-in-the-middle) attack between the SQL client and the SQL server. This may allow the attacker to stea...

8.7 CVSS | 5.8 AI score | 0.0118 EPSS
Exploits 0 | References 5

OSSF Malicious Packages
added 2024/01/10 1:58 a.m. | 2 views

Malicious code in @jitoz/encrypted-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3af49316b1efc259d2545cff00e0c101dc96335f4a8e6c3dfa80e68339674ab9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 1

OSV
added 2024/01/10 1:58 a.m. | 9 views

MAL-2024-57 Malicious code in @jitoz/encrypted-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3af49316b1efc259d2545cff00e0c101dc96335f4a8e6c3dfa80e68339674ab9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 1

Prion
added 2024/01/09 7:15 a.m. | 9 views

Design/Logic Flaw

An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting...

5.8 CVSS | 7.3 AI score | 0.00173 EPSS
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2024/01/09 12:0 a.m. | 35 views

Amazon Linux 2 : bluez (ALAS-2024-2386)

The version of bluez installed on the remote host is prior to 5.44-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2386 advisory. bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution CVE-2023-45866 Tenable has...

6.3 CVSS | 7.1 AI score | 0.07879 EPSS
Exploits 8 | References 4

OpenVAS
added 2024/01/09 12:0 a.m. | 62 views

DTLS: Deprecated DTLSv1.0 Detection

It was possible to detect the usage of the deprecated DTLSv1.0 protocol on this system. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

4.3 CVSS | 7.1 AI score | 0.98685 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2024/01/05 12:0 a.m. | 44 views

GLSA-202401-03 : BlueZ: Privilege Escalation

The remote host is affected by the vulnerability described in GLSA-202401-03 BlueZ: Privilege Escalation - Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitti...

7.1 CVSS | 6.8 AI score | 0.07879 EPSS
Exploits 8 | References 3

Debian
added 2024/01/02 9:4 p.m. | 38 views

[SECURITY] [DSA 5594-1] linux security update

Debian Security Advisory DSA-5594-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 02, 2024 https://www.debian.org/security/faq -...

9.8 CVSS | 9.1 AI score | 0.09141 EPSS
Exploits 4

RedHat Linux
added 2024/01/02 8:58 a.m. | 3 views

Mozilla: Truncated signed text was shown with a valid OpenPGP signature

The Mozilla Foundation Security Advisory: When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header...

4.3 CVSS | 7.3 AI score | 0.00633 EPSS
Exploits 0 | References 5

Rapid7 Blog
added 2023/12/29 3:52 p.m. | 17 views

Velociraptor 0.7.1 Release

Written by Dr. Michael Cohen Sigma Support, ETW Multiplexing, Local Encrypted Storage and New VQL Capabilities Highlight the Last Release of 2023 Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities th...

6.5 AI score
Exploits 0

Rapid7 Blog
added 2023/12/29 3:52 p.m. | 5 views

Velociraptor 0.7.1 Release

Written by Dr. Michael Cohen Sigma Support, ETW Multiplexing, Local Encrypted Storage and New VQL Capabilities Highlight the Last Release of 2023 Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities th...

6 AI score
Exploits 0

Veracode
added 2023/12/23 10:40 p.m. | 36 views

Denial Of Service

asterisk:sid is vulnerable to denial of service. The vulnerability is due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. It allows an attacker can be done continuously, thus denying new DTLS-SRTP encrypted calls which can lead to denia...

7.5 CVSS | 6.5 AI score | 0.05338 EPSS
Exploits 2 | References 8 | Affected Software 1

OSV
added 2023/12/22 11:6 a.m. | 3 views

OESA-2023-1948 bluez security update

This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A. Security Fixes: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and...

6.3 CVSS | 7.2 AI score | 0.07879 EPSS
Exploits 8 | References 2

Tenable Nessus
added 2023/12/21 12:0 a.m. | 38 views

Debian DSA-5584-1 : bluez - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5584 advisory. It was reported that the BlueZ's HID profile implementation is not in line with the HID specification which mandates the use of Security Mode 4. The HID profile...

6.3 CVSS | 6.8 AI score | 0.07879 EPSS
Exploits 8 | References 7

OSV
added 2023/12/20 8:31 p.m. | 13 views

GHSA-MHPQ-9638-X6PW Duplicate Advisory: Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6294-6rgp-fr7r. This link is maintained to preserve external references. Original Description An attacker controlled input of a PBES2 encrypted JWE blob can have a very large p2c value that, when decrypted,...

5.3 CVSS | 7.8 AI score | 0.00824 EPSS
Exploits 0 | References 4

OSV
added 2023/12/20 5:35 p.m. | 19 views

GO-2023-2409 Denial of service when decrypting attacker controlled input in github.com/dvsekhvalnov/jose2go

An attacker controlled input of a PBES2 encrypted JWE blob can have a very large p2c value that, when decrypted, produces a denial-of-service...

7.5 CVSS | 7.3 AI score | 0.00824 EPSS
Exploits 0 | References 3