1364 matches found
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
Mozilla: Memory corruption in JIT UpdateRegExpStatics
The Mozilla Foundation Security Advisory describes this flaw as: When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash...
SUSE CVE-2023-4577
When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2...
RHEL 7 : subscription-manager (RHSA-2023:4701)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4701 advisory. The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat...
MAL-2023-1475 Malicious code in initial-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 294f1805f4758e548e1a43655503cb3826eff0c9f6aee78d5d0a16bf74018504 The OpenSSF Package Analysis project identified 'initial-app' @ 9.0.1 npm as malicious. It is considered malicious because: - The package...
Over 120,000 Computers Compromised by Info Stealers Linked to Users of Cybercrime Forums
A "staggering" 120,000 computers infected by stealer malware have credentials associated with cybercrime forums, many of them belonging to malicious actors. The findings come from Hudson Rock, which analyzed data collected from computers compromised between 2018 to 2023. "Hackers around the world...
Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan
Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware referred to as Ursnif aka Gozi. "It is a sophisticated downloader with the objective of installing a...
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client. NOTE: some reports...
New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods
The P2PInfect peer-to-peer P2 worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security...
Juniper Junos OS Vulnerability (JSA10887)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA10887 advisory. - An authentication bypass vulnerability in the initial boot sequence of Juniper Networks Junos OS on vSRX Series may allow an attacker to gain full control of the system...
Possible Issues Related to Well Initial State
Lines of code Vulnerability details Description && Impact After creating the Well contract, there will be no reserves in the initial state. Therefore it could lead to the following possible issues and the attackers can take advantage of them through front running. 1. Price manipulation attacks Wh...
_addLiquidity() function will revert in first call
Lines of code Vulnerability details Impact The first user cant calls the addLiquidity function because this function doesn't handle the first call. addLiquidity function is calculate lp amount by calling calcLPTokenUnderlying function. so this function has a division for lpTokenSupply. in this...
Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks
The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest. The findings come from CrowdStrike, which is...
Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering
A threat actor known as Muddled Libra is targeting the business process outsourcing BPO industry with persistent attacks that leverage advanced social engineering ploys to gain initial access. "The attack style defining Muddled Libra appeared on the cybersecurity radar in late 2022 with the relea...
CVE-2023-24032
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker who has initial user access to a Zimbra server instance can execute commands as root by passing one of JVM arguments, leading to local privilege escalation LPE...
LockBit ransomware advisory from CISA provides interesting insights
The US Cybersecurity and Infrastructure Security Agency CISA, Federal Bureau of Investigation FBI, Multi-State Information Sharing and Analysis Center MS-ISAC, and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, France, and New Zealand CERT NZ, NCSC-NZ have all...