20 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-11547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid...
Malicious code in gauss-react-rest (npm)
The package gauss-react-rest was found to contain malicious code...
MAL-2025-21216 Malicious code in gauss-react-rest (npm)
The package gauss-react-rest was found to contain malicious code...
fast-xml-parser vulnerable to ReDOS at currency parsing
Summary A ReDOS that exists on currency.js was discovered by Gauss Security Labs R&D team. Details https://github.com/NaturalIntelligence/fast-xml-parser/blob/v4.4.0/src/v5/valueParsers/currency.jsL10 contains a vulnerable regex PoC pass the following string '\t'.repeat13337 + '.' Impact Denial o...
CVE-2020-1790
GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands...
gauss-mm.hu XSS vulnerability
Open Bug Bounty ID: OBB-693229 Description| Value ---|--- Affected Website:| gauss-mm.hu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden unti...
TiMidity++ 'resample_gauss' Function Denial of Service Vulnerability
TiMidity++ is an open source audio file converter and player that can convert MIDI files to other formats. A security vulnerability exists in the 'resamplegauss' function of the resample.c file in TiMidity++ version 2.14.0. A remote attacker can exploit this vulnerability to cause a denial of...
DEBIAN-CVE-2017-11547
The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...
Agent.btz Malware May Have Served as Starting Point for Red October, Turla
Researchers looking into the recently uncovered Turla, or Snake, cyber espionage campaign have discovered some similarities connecting it to older pieces of malware such as Agent.btz, the worm that several years ago infected U.S. military networks and eventually caused the Department of Defense t...
Stuxnet also infected the internal network of a Russian nuclear plant
We have a lot of information on Stuxnet virus, a powerful malware that for the first time has shown to governments the capabilities and efficiency of a cyber weapon. Eugene Kaspersky, CEO of Kasperky security firm revealed that Stuxnet had badly infected the internal network of a Russian nuclear...
2012: What Have We Learned
There’s a natural inclination for people at the end of each year to look back, take stock and try to draw some grand meaning or life lessons out of the events of the past 12 months. This is a particularly risky and difficult thing to do in the security industry, given its inherent unpredictabilit...
Tool Aids in Cracking Mysterious Gauss Malware Encryption
The mystery wrapped inside a riddle that is the Gauss malware’s encryption scheme may be closer to falling. Late last week, researcher Jens Steube, known as Atom, put the wraps on a tool that should bring experts closer to breaking open the encryption surrounding the espionage malware’s payload...
More Flame Modules Could Be Lurking
BROOKLYN, NY–After years of research and investigation into the cyber-espionage attacks that began with the discovery of Stuxnet and continued with Flame, Duqu and Gauss, there still are many details that are unknown. While researchers have a pretty good handle on many of the tools’ capabilities,...
miniFlame - A New cyber espionage malware discovered
Kaspersky has discovered new malware dubbed 'miniFlame', cyber espionage software directly linked to Flame. This new nation-state espionage malware that has ties to two previous espionage tools known as Flame and Gauss, and that appears to be a "high-precision, surgical attack tool" targeting...
Precision Espionage miniFlame Malware Tied to Flame, Gauss
One of three previously unseen pieces of malware discovered during forensic analysis of the Flame malware command-and-control servers has been identified as a secondary surveillance tool deployed against specially identified targets, and only after an initial Flame or Gauss compromise, researcher...
Gauss Malware Detection Tool released by Iranian CERT
Iranian National Computer Emergency Response Team releases a tool for Gauss malware detection. Cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal login and passwords, according Kaspersky Lab, a leading computer security firm. Gauss primarily...
Kaspersky Labs uncover 'Gauss' Espionage Malware hits Middle East banks
A new cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal login and passwords, according Kaspersky Lab, a leading computer security firm. After Stuxnet, Duqu, and Flame, this one seems to mainly spy on computer users in Lebanon. It's been dubb...
Researchers Release Detection Tool For Gauss Malware's Palida Narrow Font
One of the many mysteries around the discovery of the Gauss malware is why the tool installs a new font called Palida Narrow on infected machines. Researchers have been unable to figure out yet what the purpose of the font is, but as its presence on a PC is a good indicator of a Gauss infection,...
Infographic: Stuxnet's Cyberwar Vines Untangled
Keeping track of the relationships between various malware families can be hard, especially when you’re talking about espionage tools such as Stuxnet and Gauss. Veracode has put together an infographic as a general recap of the life and times of Stuxnet, the much-discussed cyber worm that first...
New Gauss Malware, Descended From Flame and Stuxnet, Found On Thousands of PCs in Middle East
A new piece of malware dubbed Gauss, that experts say is a direct descendant of Flame and also related to Stuxnet and Duqu, has been found on thousands of PCs in the Middle East, mostly in Lebanon. Gauss contains some of the same code as Flame, but is markedly different in a number of respects,...