92 matches found
CVE-2025-43864
A flaw was found in the React Router. This vulnerability allows an attacker to trigger a rendering error via a crafted X-React-Router-SPA-Mode header, which can result in cache poisoning. If a caching system is in place, the corrupted error response may be cached and served to subsequent users,...
CVE-2024-27766
Disputed A flaw was found in MariaDB. This flaw allows a remote attacker to use a specially crafted payload to execute arbitrary commands in certain configurations. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...
CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices
Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. "On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration...
CVE-2024-0760
A flaw was found in the bind9 package, where a malicious client may send many DNS messages over the TCP protocol, leading to instabilities on the server side and potentially causing a denial of service. The server will recover automatically once the attack ceases. Mitigation Mitigation for this...
CGA-R8CW-3RV5-559V
Bulletin has no description...
Crafting Shields: Defending Minecraft Servers Against DDoS Attacks
Minecraft, with over 500 million registered users and 166 million monthly players, faces significant risks from distributed denial-of-service DDoS attacks, threatening server functionality, player experience, and the game's reputation. Despite the prevalence of DDoS attacks on the game, the...
VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates
The threat actors behind ClearFake, SocGholish, and dozens of other e-crime outfits have established partnerships with another entity known as VexTrio as part of a massive "criminal affiliate program," new findings from Infoblox reveal. The latest development demonstrates the "breadth of their...
CVE-2023-45230
A security flaw was identified in EDK2, the open-source reference implementation of the UEFI specification, involving a buffer overflow vulnerability. This particular weakness enables an unauthorized attacker within the vicinity of the network to transmit a specifically crafted DHCPv6 message...
Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks
By Deeba Ahmed Another day, another zero-day flaw driving the cybersecurity world crazy. This is a post from HackRead.com Read the original post: Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks...
CVE-2023-37329
A heap-based buffer overflow vulnerability was found in the PGS Blu-ray subtitle decoder within GStreamer when processing specific files. This issue could allow a malicious third party to crash the application and execute code by manipulating the heap. Mitigation Mitigation for this issue is eith...
Analysis of Intellexa’s Predator Spyware
Amnesty International has published a comprehensive analysis of the Predator government spyware products. These technologies used to be the exclusive purview of organizations like the NSA. Now theyre available to every country on the planet--democratic, nondemocratic, authoritarian, whatever--for...
CVE-2023-32370
A vulnerability was found in webkit. A logic issue was addressed with improved validation. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to...
CVE-2020-22628
A flaw was found in the libraw library. This issue occurs due to an out-of-bounds read vulnerability that exists within the "LibRaw::stretch" function libraw\src\postprocessing\aspectratio.cpp when parsing a crafted CRW file. Mitigation Mitigation for this issue is either not available or the...
CVE-2023-20588
A division-by-zero error was found in hw on some AMD processors. This flaw can potentially return speculative data, resulting in loss of confidentiality. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteri...
Debian dla-3457 : duende - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3457 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3457-1 [email protected]...
A Shifting Attack Landscape: Rapid7’s 2022 Vulnerability Intelligence Report
Each year, the research team at Rapid7 analyzes thousands of vulnerabilities in order to identify their root causes, broaden understanding of attacker behavior, and provide actionable intelligence that guides security professionals at critical moments. Our annual Vulnerability Intelligence Report...
Malicious code in selfkillpushhacked (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx bd245f4d9514be8faac5dc156aa9509a560074144fd3b43a3d8b86854b1a960b EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in infopaypal (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 8423144621474c83b04d756b24f4c2a9d2cabc6c67b7ca57e326670015245f0b EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in edosint (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx c73b0d2af44a2d1a9c2a278e6b94ab9ec1f986b808f97fb28baf1b07183ef607 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
Malicious code in ultraproof (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 3b562629d8cc8c65ba50e04c84a11d56d36e53dbbb191aa5a8b2c238dbd91dad EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...