A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports function from exports.c.. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfNames to iterate over it and set its components value. Therefore, the loop code assumes that exp->NumberOfFunctions is greater than ordinal at each iteration. This can lead to arbitrary code execution.
13 vulnerabilities were found in the E11 smart intercom devices by Chinese manufacturer Akuvox
The recently identified Dark Pink advanced persistent threat (APT) group is likely behind a fresh set of KamiKakaBot malware attacks on ASEAN governments and military entities, according to Netherlands-based cybersecurity company ElecticIQ.
The attacks, which took place in February, were “almost identical” to those reported by Russia-based cybersecurity firm Group-IB on January 11, ElectricIQ said. Multiple overlapping techniques used in the campaigns helped EclecticIQ analysts attribute the recent attacks as likely to be the work of the Dark Pink APT group.
The recently identified Dark Pink advanced persistent threat (APT) group is likely behind a fresh set of KamiKakaBot malware attacks on ASEAN governments and military entities, according to Netherlands-based cybersecurity company ElecticIQ.
The attacks, which took place in February, were “almost identical” to those reported by Russia-based cybersecurity firm Group-IB on January 11, 2023, ElectricIQ said. Multiple overlapping techniques used in the campaigns helped EclecticIQ analysts to attribute the recent attacks as likely to be the work of the Dark Pink APT group.
The relationship between Europe and ASEAN countries is being exploited with social engineering lures
It was discovered that Chromium could be made to write out of bounds in
several components. A remote attacker could possibly use this issue to
corrupt memory via a crafted HTML page, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2023-0930, CVE-2023-1219,
CVE-2023-1220, CVE-2023-1222)
It was discovered that Chromium contained an integer overflow in the PDF
component. A remote attacker could possibly use this issue to corrupt
memory via a crafted PDF file, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2023-0933)
It was discovered that Chromium did not properly manage memory in several
components. A remote attacker could possibly use this issue to corrupt
memory via a crafted HTML page, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2023-0941, CVE-2023-0928,
CVE-2023-0929, CVE-2023-0931, CVE-2023-1213, CVE-2023-1216, CVE-2023-1218)
It was discovered that Chromium did not correctly distinguish data types
in several components. A remote attacker could possibly use this issue to
corrupt memory via a crafted HTML page, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2023-1214, CVE-2023-1215,
CVE-2023-1235)
It was discovered that Chromium insufficiently enforced policies. An
attacker could possibly use this issue to bypass navigation restrictions.
(CVE-2023-1221, CVE-2023-1224)
It was discovered that Chromium insufficiently enforced policies in Web
Payments API. A remote attacker could possibly use this issue to bypass
content security policy via a crafted HTML page. (CVE-2023-1226)
It was discovered that Chromium contained an inappropriate implementation
in the Permission prompts component. A remote attacker could possibly use
this issue to bypass navigation restrictions via a crafted HTML page.
(CVE-2023-1229)
It was discovered that Chromium insufficiently enforced policies in
Resource Timing component. A remote attacker could possibly use this issue
to obtain sensitive information. (CVE-2023-1232, CVE-2023-1233)
It was discovered that Chromium contained an inappropriate implementation
in the Internals component. A remote attacker could possibly use this
issue to spoof the origin of an iframe via a crafted HTML page.
(CVE-2023-1236)
Infostealers observed to be delivered via these videos included Vidar, RedLine and Raccoon
alsa-plugins-1.2.7.1-5.fc38
attract-mode-2.6.2-6.fc38
audacious-plugins-4.3-2.fc38
blender-3.4.1-16.fc38
celestia-1.7.0~20230305ebfcdb1-4.fc38
chromaprint-1.5.1-8.fc38
chromium-111.0.5563.64-2.fc38
ffmpeg-6.0-1.fc38
ffmpegthumbs-22.12.3-2.fc38
gstreamer1-plugin-libav-1.22.0-2.fc38
guacamole-server-1.5.0-2.fc38
haruna-0.10.3-3.fc38
indi-3rdparty-drivers-2.0.0-2.fc38
indi-3rdparty-libraries-2.0.0-1.fc38
k3b-22.12.3-2.fc38
kpipewire-5.27.2-2.fc38
kstars-3.6.3-1.fc38
libindi-2.0.0-3.fc38
loudgain-0.6.8-13.fc38
mlt-7.14.0-2.fc38
mpv-0.35.1-3.fc38
neatvnc-0.6.0-2.fc38
notcurses-3.0.8-6.fc38
nv-codec-headers-12.0.16.0-1.fc38
phd2-2.6.11^dev4^20230212a205f63-1.fc38
qmmp-2.1.2-4.fc38
qmmp-plugin-pack-2.1.0-5.fc38
qt6-qtmultimedia-6.4.2-4.fc38
qt6-qtwebengine-6.4.2-4.fc38
retroarch-1.15.0-4.fc38
siril-1.0.6-6.fc38
stellarium-1.2-8.fc38
unpaper-7.0.0-7.fc38
wf-recorder-0.3.1-0.3.20221225gita9725f7.fc38
xine-lib-1.2.13-1.fc38
FFmpeg 6.0 upgrade.
update to 111.0.5563.64. Fixes the following security issues:
CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941 CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227
Agentless cloud security solutions were among the most talked-about topics during the Cloud & Cyber Security Expo, set in London on March 8-9, 2023
It was discovered that Werkzeug did not properly handle the parsing of
nameless cookies. A remote attacker could possibly use this issue to
shadow other cookies. (CVE-2023-23934)
It was discovered that Werkzeug could be made to process unlimited number
of multipart form data parts. A remote attacker could possibly use this
issue to cause Werkzeug to consume resources, leading to a denial of
service. (CVE-2023-25577)
