2395 matches found
[SECURITY] Fedora 35 Update: golang-gioui-0-7.20201225git18d4dbf.fc35
Immediate mode GUI programs in Go for Android, iOS, macOS, Linux, FreeBSD, OpenBSD, Windows, and WebAssembly (experimental). See the project page gioui.org for documentation and more information...
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
...
libsixel resource management error vulnerability (CNVD-2022-31765)
libsixel is a package that provides encoding/decoding implementations for DEC SIXEL graphics and other converter programs. A resource management error vulnerability exists in libsixel version 1.10.0, which stems from the presence of post-release reuse in libsixel/src/dither.c:379. An attacker cou...
libsixel buffer overflow vulnerability (CNVD-2022-31763)
libsixel is a package that provides encoding/decoding implementations for DEC SIXEL graphics and other converter programs. A buffer overflow vulnerability exists in versions of libsixel prior to 1.10, which stems from a buffer overflow in libsixel/src/quant.c:867. A remote attacker could exploit...
DEBIAN-CVE-2021-42780
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library...
Microsoft Remote Procedure Call Runtime Remote Code Execution Vulnerability
Microsoft Remote Procedure Call Runtime is a technology used to create distributed client/server programs from Microsoft Corporation USA. The vulnerability can be exploited to execute arbitrary code on the system...
[SECURITY] Fedora 35 Update: postgresql-jdbc-42.2.25-1.fc35
PostgreSQL is an advanced Object-Relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database...
[SECURITY] Fedora 35 Update: community-mysql-8.0.28-1.fc35
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
Microsoft Windows Remote Procedure Call Runtime Code Injection Vulnerability
Microsoft Windows Remote Procedure Call Runtime is a powerful technology for creating distributed client/server programs from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Windows Remote Procedure Call Runtime. The following products and versions are affected:...
troubledteenprograms.org Cross Site Scripting vulnerability OBB-2482451
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Live-Forensicator - Powershell Script To Aid Incidence Response And Live Forensics
Live Forensicator is part of the Black Widow Toolbox. Its aim is to assist forensic investigators and incident responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data...
Critical Bugs in Rockwell PLC Could Allow Hackers to Implant Malicious Code
Two new security vulnerabilities have been disclosed in Rockwell Automation's programmable logic controllers (PLCs) and engineering workstation software that could be exploited by an attacker to inject malicious code on affected systems and stealthily modify automation processes. The flaws have the...
Magic Hound Exploiting Old Microsoft Exchange ProxyShell Vulnerabilities
THREAT LEVEL: Red. APT35 (aka Magic Hound), an Iranian-backed threat group, has begun using Microsoft Exchange ProxyShell vulnerabilities as an initial attack vector and to execute code through multiple web shells. The group has primarily targeted...
Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs...
Linux kernel block_invalidatepage function denial of service vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux kernel block_invalidatepage function, which can be exploited by an attacker to cause a program to crash...
CISA Warns CISOs to Brace for Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), a United States federal agency under the oversight of the Department of Homeland Security, is urging business leaders and those responsible for digital security to prepare for attacks and adapt their digital security posture. This is...
Several Malware Families Using Pay-Per-Install Service to Expand Their Targets
A detailed examination of a pay-per-install (PPI) malware service called PrivateLoader has revealed its crucial role in the delivery of a variety of malware such as SmokeLoader, RedLine Stealer, Vidar, Raccoon, and GCleaner since at least May 2021. Loaders are malicious programs used for loading...
[SECURITY] Fedora 34 Update: kernel-headers-5.16.5-100.fc34
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...
Open redirect
Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce...
Mageia: Security Advisory (MGASA-2022-0021)
The remote host is missing an update for the...