Read Time:6 Second
FEDORA-2023-5a91738e22
Packages in this update:
liferea-1.14.1-1.fc38
Update description:
Security fix for CVE-2023-1350
Yearly Archives: 2023
liferea-1.14.1-1.fc36
Read Time:6 Second
FEDORA-2023-f0ee64e7ec
Packages in this update:
liferea-1.14.1-1.fc36
Update description:
Security fix for CVE-2023-1350
DSA-5373 node-sqlite3 – security update
Read Time:8 Second
Dave McDaniel discovered that the SQLite3 bindings for Node.js were
susceptible to the execution of arbitrary JavaScript code if a binding
parameter is a crafted object.
CVE-2021-45423
Read Time:22 Second
A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports function from exports.c.. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfNames to iterate over it and set its components value. Therefore, the loop code assumes that exp->NumberOfFunctions is greater than ordinal at each iteration. This can lead to arbitrary code execution.
Remote Code Execution and Camera Access Flaws Found in Smart Intercoms
Read Time:4 Second
13 vulnerabilities were found in the E11 smart intercom devices by Chinese manufacturer Akuvox
Dark Pink APT group linked to new KamiKakaBot attacks in Southeast Asia
Read Time:28 Second
The recently identified Dark Pink advanced persistent threat (APT) group is likely behind a fresh set of KamiKakaBot malware attacks on ASEAN governments and military entities, according to Netherlands-based cybersecurity company ElecticIQ.
The attacks, which took place in February, were “almost identical” to those reported by Russia-based cybersecurity firm Group-IB on January 11, ElectricIQ said. Multiple overlapping techniques used in the campaigns helped EclecticIQ analysts attribute the recent attacks as likely to be the work of the Dark Pink APT group.
Dark Pink APT group linked to new KamiKakiBot attacks in Southeast Asia
Read Time:29 Second
The recently identified Dark Pink advanced persistent threat (APT) group is likely behind a fresh set of KamiKakaBot malware attacks on ASEAN governments and military entities, according to Netherlands-based cybersecurity company ElecticIQ.
The attacks, which took place in February, were “almost identical” to those reported by Russia-based cybersecurity firm Group-IB on January 11, 2023, ElectricIQ said. Multiple overlapping techniques used in the campaigns helped EclecticIQ analysts to attribute the recent attacks as likely to be the work of the Dark Pink APT group.
Dark Pink APT Group Deploys KamiKakaBot Against South Asian Entities
Read Time:4 Second
The relationship between Europe and ASEAN countries is being exploited with social engineering lures
USN-5949-1: Chromium vulnerabilities
Read Time:1 Minute, 50 Second
It was discovered that Chromium could be made to write out of bounds in
several components. A remote attacker could possibly use this issue to
corrupt memory via a crafted HTML page, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2023-0930, CVE-2023-1219,
CVE-2023-1220, CVE-2023-1222)
It was discovered that Chromium contained an integer overflow in the PDF
component. A remote attacker could possibly use this issue to corrupt
memory via a crafted PDF file, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2023-0933)
It was discovered that Chromium did not properly manage memory in several
components. A remote attacker could possibly use this issue to corrupt
memory via a crafted HTML page, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2023-0941, CVE-2023-0928,
CVE-2023-0929, CVE-2023-0931, CVE-2023-1213, CVE-2023-1216, CVE-2023-1218)
It was discovered that Chromium did not correctly distinguish data types
in several components. A remote attacker could possibly use this issue to
corrupt memory via a crafted HTML page, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2023-1214, CVE-2023-1215,
CVE-2023-1235)
It was discovered that Chromium insufficiently enforced policies. An
attacker could possibly use this issue to bypass navigation restrictions.
(CVE-2023-1221, CVE-2023-1224)
It was discovered that Chromium insufficiently enforced policies in Web
Payments API. A remote attacker could possibly use this issue to bypass
content security policy via a crafted HTML page. (CVE-2023-1226)
It was discovered that Chromium contained an inappropriate implementation
in the Permission prompts component. A remote attacker could possibly use
this issue to bypass navigation restrictions via a crafted HTML page.
(CVE-2023-1229)
It was discovered that Chromium insufficiently enforced policies in
Resource Timing component. A remote attacker could possibly use this issue
to obtain sensitive information. (CVE-2023-1232, CVE-2023-1233)
It was discovered that Chromium contained an inappropriate implementation
in the Internals component. A remote attacker could possibly use this
issue to spoof the origin of an iframe via a crafted HTML page.
(CVE-2023-1236)
Infostealers Spread Via AI-Generated YouTube Videos
Read Time:4 Second
Infostealers observed to be delivered via these videos included Vidar, RedLine and Raccoon