28 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2015-1597

Malware in sbrugna...

CVSS 7.5 · AI score 6 · EPSS 0.0239
Exploits 0 · References 10
OSV
added 2025/03/27 2:15 p.m. · 0 views

UBUNTU-CVE-2025-2849

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::unDTINIT of the file src/plxelf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been...

CVSS 5.5 · AI score 4.9 · EPSS 0.00021
Exploits 1 · References 9
Rapid7 Blog
added 2024/11/12 2:00 p.m. · 12 views

LodaRAT: Established Malware, New Victim Patterns

Executive Summary Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave. LodaRAT, first observed in 2016, is a remote access tool RAT written in AutoIt. Development of...

AI score 7.5
Exploits 0
The Hacker News
added 2024/06/12 1:42 p.m. · 17 views

Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters

Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Cloud security firm Wiz, which shed light on the activity, said it's an updated variant of a financially motivated operation that was first documente...

AI score 7.6
Exploits 0
OSV
added 2024/04/02 11:15 p.m. · 0 views

UBUNTU-CVE-2024-3209

A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function getne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this...

CVSS 9.8 · AI score 5.9 · EPSS 0.00367
Exploits 1 · References 6
Imperva Blog
added 2024/03/20 4:56 p.m. · 63 views

New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner

Sysrv is a well-documented botnet first identified in 2020, with the main payload being a worm written in Golang. It drops a cryptominer onto infected hosts before attempting to propagate itself using various methods, including network vulnerabilities. Over the past few years, the botnet has...

CVSS 7.5 · AI score 10 · EPSS 0.9444
Exploits 97
Qualys Blog
added 2023/11/23 9:53 a.m. · 23 views

Unveiling the Deceptive Dance: Phobos Ransomware Masquerading As VX-Underground

During a recent hunt, Qualys Threat Research has come across a ransomware family known as Phobos, impersonating VX-Underground. Phobos ransomware has been knocking on our door since early 2019 and is often seen being distributed via stolen Remote Desktop Protocol RDP connections. Strongly believe...

AI score 7.7
Exploits 0
SUSE CVE
added 2023/03/28 1:52 a.m. · 1 view

SUSE CVE-2021-43317

A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func getle32. The problem is essentially caused in PackLinuxElf64::elflookup at plxelf.cpp:5404...

CVSS 7.5 · AI score 7.2 · EPSS 0.00348
Exploits 1 · References 4
Positive Technologies
added 2023/03/24 12:00 a.m. · 2 views

PT-2023-12431 · Upx +1

Name of the Vulnerable Software and Affected Versions: upx affected versions not specified Description: A heap-based buffer overflow was discovered in upx. The issue occurs when the generic pointer p points to an inaccessible address in the get le32 function. This problem is essentially caused in...

CVSS 8.3 · AI score 6.7 · EPSS 0.0041
Exploits 15 · References 57
SUSE CVE
added 2023/02/15 5:21 a.m. · 1 view

SUSE CVE-2015-1462

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."...

CVSS 7.5 · AI score 7.2 · EPSS 0.0239
Exploits 0 · References 7
SUSE CVE
added 2023/02/15 3:42 a.m. · 1 view

SUSE CVE-2021-30500

Null pointer dereference was found in upx PackLinuxElf::canUnpack in plxelf.cpp, in version UPX 4.0.0. That allows attackers to execute arbitrary code and cause a denial of service via a crafted file...

CVSS 7.8 · AI score 7.6 · EPSS 0.0041
Exploits 1 · References 4
OSV
added 2021/03/26 5:15 p.m. · 0 views

UBUNTU-CVE-2021-20285

A flaw was found in upx canPack in plxelf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service SEGV or buffer overflow and application crash or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability...

CVSS 6.6 · AI score 7.3 · EPSS 0.00123
Exploits 1 · References 2
Qualys Blog
added 2020/01/17 4:10 p.m. · 57 views

LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers

Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few docker instances executing a malware which we term as “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across...

AI score 0.8
Exploits 0
OSV
added 2019/07/27 7:15 p.m. · 0 views

DEBIAN-CVE-2019-14296

canUnpack in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service SEGV or buffer overflow, and application crash or possibly have unspecified other impact via a crafted UPX packed file...

CVSS 7.8 · AI score 7.6 · EPSS 0.00366
Exploits 1 · References 1
Carbon Black Blog
added 2019/01/07 5:27 p.m. · 128 views

TAU Threat Intelligence Notification: Djvuu Ransomware

Summary Djvuu ransomware is believed to be a newer variant of the “Stop” ransomware strain, which was seen circulating in the early part of 2018. There are also similarities to the Goren-B trojan originally reported by Sophos back in 2016. Djvuu is likely to be delivered through phishing e-mail...

AI score 6.7
Exploits 0
Tenable Nessus
added 2015/03/30 12:00 a.m. · 33 views

Mandriva Linux Security Advisory : clamav (MDVSA-2015:166)

Updated clamav packages fix security vulnerabilities : ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs : Certain JavaScript files causes ClamAV to segfault when scanned with the -a list archived files CVE-2013-6497. A heap buffer overflow was reported in...

CVSS 7.5 · AI score 7.1 · EPSS 0.11943
Exploits 1 · References 5
Tenable Nessus
added 2015/02/11 12:00 a.m. · 34 views

Mandriva Linux Security Advisory : clamav (MDVSA-2015:042)

Updated clamav packages fix security vulnerabilities : ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs : Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a...

CVSS 7.5 · AI score 5.4 · EPSS 0.11943
Exploits 0 · References 2
OSV
added 2015/02/09 9:44 p.m. · 5 views

MGASA-2015-0056 Updated clamav packages fix security vulnerabilities

ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them being security bugs: Fix a heap out of bounds condition with crafted Yoda's crypter files. This issue was discovered by Felix Groebert of the Google Security Team. Fix a heap out of bounds condition with crafted mew packer file...

CVSS 7.5 · AI score 6.1 · EPSS 0.11943
Exploits 0 · References 3
CNVD
added 2015/02/04 12:00 a.m. · 1 view

ClamAV heap buffer overflow vulnerability (CNVD-2015-00911)

ClamAV Clam AntiVirus is a free and open source antivirus program developed by the ClamAV team. The software is used to detect Trojans, viruses, malware and other malicious threats. A heap buffer overflow vulnerability exists in versions of ClamAV prior to 0.98.6, which stems from the program...

CVSS 7.5 · AI score 7.1 · EPSS 0.0239
Exploits 0 · References 1
OSV
added 2015/02/03 4:59 p.m. · 1 view

DEBIAN-CVE-2015-1462

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."...

CVSS 7.5 · AI score 6.8 · EPSS 0.0239
Exploits 0 · References 1