The vulnerability of the _bfd_elf_slurp_version_tables function in the elf.c component of the GNU Binutils development environment allows a hacker to induce a service failure.

The vulnerability of the bfdelfslurpversiontables function in the elf.c component of the GNU Binutils development environment is related to the allocation of unlimited memory. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created ELF file...

The vulnerability in the `print_gnu_property_note` function of the `readelf.c` component of the GNU Binutils development environment allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the printgnupropertynote function in the readelf.c component of the GNU Binutils development environment is related to integer overflow. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

The vulnerability of the _bfd_stab_section_find_nearest_line function in the syms.c component of the GNU Binutils development environment allows a attacker to cause a service failure.

The vulnerability of the bfdstabsectionfindnearestline function in the syss.c component of the GNU Binutils development environment is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to trigger a service failur...

The vulnerability of the bfd_getl32 function in the libbfd.c component of the GNU Binutils development environment allows a attacker to cause a service failure.

The vulnerability of the bfdgetl32 function in the libbfd.c component of the GNU Binutils development environment involves reading data beyond the acceptable buffer size. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created PE file...

The vulnerability of the bfd_zalloc function in the opncls.c component of the GNU Binutils development environment allows a attacker to cause a service failure.

The vulnerability of the bfdzalloc function in the opncls.c component of the GNU Binutils development environment is related to the execution of an operation outside the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a...

Millenium RAT the $30 Access Ticket to Data Theft

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Millenium RAT, a Win32 executable built on .NET, specifically version 2.4, is available on GitHub for a one-time fee of $30, granting lifetime access. Notably, this RAT is actively developed and has...

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-3127)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2023-1699380962 Fix CVE(s): CVE-2022-48063

SECURITY UPDATE: fix an attempt to allocate an unreasonably large amount of memory when parsing a corrupt ELF file - debian/patches/CVE-2022-48063.patch: Check for excessively large sections - CVE-2022-48063...

PT-2023-21793 · Unknown · Tz Secure Os

Name of the Vulnerable Software and Affected Versions: TZ Secure OS affected versions not specified Description: The issue is related to memory corruption in TZ Secure OS when loading an app ELF. Recommendations: At the moment, there is no information about a newer version that contains a fix for...

[SECURITY] Fedora 39 Update: python2.7-2.7.18-35.fc39

Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especial ly how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been...

Suspected Exploitation of Apache ActiveMQ CVE-2023-46604

Tom Elkins, John Fenninger, Evan McCann, Matthew Smith, and Micah Young contributed attacker behavior insights to this blog. Beginning Friday, October 27, Rapid7 Managed Detection and Response MDR identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer...

SUSE CVE-2015-3315

Automatic Bug Reporting Tool ABRT allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on 1 /var/tmp/abrt//maps, 2 /tmp/jvm-/hserror.log, 3 /proc//exe, 4 /etc/os-release in a chroot, or 5 an unspecified root directory relate...

A cascade of compromise: unveiling Lazarus’ new campaign

Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. Whats remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendors systems continued to use the...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2023:4213-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4213-1 advisory. - It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an...

Fedora 38 : firefox (2023-7cdf31bb36)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7cdf31bb36 advisory. - Update to latest upstream 119.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

CVE-2023-5727

The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 119,...

Command injection

The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 119,...

CVE-2023-5727

The Mozilla Foundation Security Advisory describes this flaw as: The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. Note: This issue only affected Windows operating systems. Other operating...

CVE-2023-5727

The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 119,...

CVE-2023-5727

The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 119,...