5335 matches found
CVE-2023-0796
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e...
New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a syste...
Reddit Suffers Security Breach Exposing Internal Documents and Source Code
Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a "sophisticated and...
EulerOS 2.0 SP10 : emacs (EulerOS-SA-2023-1382)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c us...
GHSA-29XX-HCV2-C4CP openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions
An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the `d2i_PKCS7`, `d2i_PKCS7_bio` or `d2i_PKCS7_fp` functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in...
Malicious code in reporter-app-dist (npm)
Per source details. Source: checkmarx (916108fdfabf947f1521341be09140cd10809b0529e3bce843731f7785bfb702): Malicious packages campaign since 2021 targeting developers; steals source code and secrets. Source: ghsa-malware...
Malicious code in test-npm-com-test (npm)
Per source details. Source: checkmarx (eb86ecfecc56220476e3c33bd4f86f95c17be6c7a9a7a3cdc9ca822205076380): Malicious packages campaign since 2021 targeting developers; steals source code and secrets. Source: ossf-package-analysis...
MAL-2023-745 Malicious code in reporter-app-dist (npm)
Per source details. Source: checkmarx (916108fdfabf947f1521341be09140cd10809b0529e3bce843731f7785bfb702): Malicious packages campaign since 2021 targeting developers; steals source code and secrets. Source: ghsa-malware...
Malicious code in digital-staticsite (npm)
Per source details. Source: checkmarx (7cf28f9b3aee1deb96e037e6f68421b07112de0026dc8406174bfc2f416ccd3e): Malicious packages campaign since 2021 targeting developers; steals source code and secrets. Source: ghsa-malware...
Malicious code in kaluza-careers (npm)
Per source details. Source: checkmarx (7fc6bb8e84e2499d431b69a1efe08fbdc626b2801e898180833dde64c951c39e): Malicious packages campaign since 2021 targeting developers; steals source code and secrets...
Important: emacs
Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command suggest...
MAL-2023-8038 Malicious code in test-npm-com-test (npm)
Per source details. Source: checkmarx (eb86ecfecc56220476e3c33bd4f86f95c17be6c7a9a7a3cdc9ca822205076380): Malicious packages campaign since 2021 targeting developers; steals source code and secrets. Source: ossf-package-analysis...
MAL-2023-8028 Malicious code in kaluza-careers (npm)
Per source details. Source: checkmarx (7fc6bb8e84e2499d431b69a1efe08fbdc626b2801e898180833dde64c951c39e): Malicious packages campaign since 2021 targeting developers; steals source code and secrets...
MAL-2023-251 Malicious code in digital-staticsite (npm)
Per source details. Source: checkmarx (7cf28f9b3aee1deb96e037e6f68421b07112de0026dc8406174bfc2f416ccd3e): Malicious packages campaign since 2021 targeting developers; steals source code and secrets. Source: ghsa-malware...
MAL-2023-757 Malicious code in samuelpoctester (npm)
Per source details. Source: checkmarx (1f7b2e15c0c93b4a5ee61dc9bede38e31e95af4885247c9d4c30d4846d2d67ed): Malicious packages campaign since 2021 targeting developers; steals source code and secrets. Source: ghsa-malware...
Heap Buffer Overflow in function gf_isom_box_size at src/isomedia/box_funcs.c:1997
Description: Heap Buffer Overflow in function `gf_isom_box_size` at src/isomedia/box_funcs.c:1997. gpac version (git log): commit bbca869177585aaca8eb66d8541079e6f364798e (HEAD -> master, origin/master, origin/HEAD); Author: jeanlf; Date: Wed Jan 18 11:40:30 2023 +0100; "fixed potentially missing last packets in...
Malicious code in angular-1.8 (npm)
Per source details. Source: checkmarx (3d45e146db01c8e2d986dd73f9991c083be30195ff986c99817c93e1be410b60): Malicious packages campaign since 2021 targeting developers; steals source code and secrets...
MAL-2023-8010 Malicious code in angular-1.8 (npm)
Per source details. Source: checkmarx (3d45e146db01c8e2d986dd73f9991c083be30195ff986c99817c93e1be410b60): Malicious packages campaign since 2021 targeting developers; steals source code and secrets...
Code injection
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the...
Riot Games refuses to pay ransom to avoid League of Legends leak
After confirming that threat actors were able to steal some of its code, Riot Games has also revealed that it received a ransom email from its attacker. The attackers are demanding $10 million to stop them from leaking source code from League of Legends and other games. Riot's reply? Today, we received a rans...