SUSE CVE-2021-45944

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampleddatasample called from sampleddatacontinue and interp...

SUSE CVE-2022-35995

TensorFlow is an open source platform for machine learning. When AudioSummaryV2 receives an input samplerate with more than one element, it gives a CHECK fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox

Orcus is a Remote Access Trojan with some distinctive characteristics. The RAT allows attackers to create plugins and offers a robust core feature set that makes it quite a dangerous malicious program in its class. RAT is quite a stable type that always makes it to the top. --- ANY.RUN's top...

New Backdoor Created Using Leaked CIA's Hive Malware Discovered in the Wild

Unidentified threat actors have deployed a new backdoor that borrows its features from the U.S. Central Intelligence Agency CIA's Hive multi-platform malware suite, the source code of which was released by WikiLeaks in November 2017. "This is the first time we caught a variant of the CIA Hive...

OESA-2023-1024 python-pillow security update

Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. Security Fixes: Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.CVE-2022-45199...

DEBIAN-CVE-2022-47662

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault /stack overflow due to infinite recursion in MediaGetSample isomedia/media.c:662...

UBUNTU-CVE-2022-47662

GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault /stack overflow due to infinite recursion in MediaGetSample isomedia/media.c:662...

CVE-2022-43551

creationtimestamp| type| source ---|---|--- 2023-01-01 13:34:42+00:00| seen| https://t.me/cibsecurity/55246 2023-02-03 20:51:56+00:00| seen| https://t.me/ctinow/91255...

Dissecting the Empire C2 Framework

Introduction In this blog we will be taking a quick dive into Empire, a popular open-source post-exploitation framework. Empire provides an adversary with the capability to expand his foothold in a victim’s environment by leveraging hundreds of modules, RATs in multiple languages and stealthy C2...

GHSA-CQVQ-FVHR-V6HC `CHECK` failure in `SobolSample` via missing validation

Impact Another instance of CVE-2022-35935, where SobolSample is vulnerable to a denial of service via assumed scalar inputs, was found and fixed. python import tensorflow as tf tf.rawops.SobolSampledim=tf.constant1,0, numresults=tf.constant1, skip=tf.constant1 Patches We have patched the issue in...

ALPINE-CVE-2022-44638

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write aka heap-based buffer overflow in rasterizeedges8 due to an integer overflow in pixmansamplefloory...

UBUNTU-CVE-2022-3670

A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...

MAL-2022-2898 Malicious code in evernote-sdk-sample-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff8378dcd0078ecaa733a9b360f13732b44b784da338ad9421036071fb5ce742 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-40774

An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4StszAtom::GetSampleSize...

UBUNTU-CVE-2022-40774

An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4StszAtom::GetSampleSize...

PT-2022-25533 · Bento4 · Bento4

Name of the Vulnerable Software and Affected Versions: Bento4 versions 1.6.0-639 and earlier Description: An issue was discovered in Bento4, where there is a NULL pointer dereference in the AP4 StszAtom::GetSampleSize function. Recommendations: For Bento4 versions 1.6.0-639 and earlier, consider...

CVE-2022-35995

TensorFlow is an open source platform for machine learning. When AudioSummaryV2 receives an input samplerate with more than one element, it gives a CHECK fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

GHSA-G9H5-VR8M-X2H4 TensorFlow vulnerable to `CHECK` fail in `AudioSummaryV2`

Impact When AudioSummaryV2 receives an input samplerate with more than one element, it gives a CHECK fails that can be used to trigger a denial of service attack. python import tensorflow as tf arg0='' arg1=tf.random.uniformshape=1,1, dtype=tf.float32, maxval=None arg2=tf.random.uniformshape=2,1,...

CVE-2022-38823

In TOTOLINK T6 V4.1.5cu.709B20210518, there is a hard coded password for root in /etc/shadow.sample...

CVE-2022-38823

In TOTOLINK T6 V4.1.5cu.709B20210518, there is a hard coded password for root in /etc/shadow.sample...