Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

Criminals target businesses with malicious extension for Meta's Ads Manager and accidentally leak stolen accounts

Categories: Threat Intelligence Tags: Meta Tags: Facebook Tags: malware Tags: ads manager Tags: chrome Tags: extension A group of criminals is actively targeting Facebook business users to gain access to their advertising accounts via malicious Chrome extensions. But we spotted that they made a mistake... (Read more...) The post Criminals target businesses with malicious extension for Meta's Ads Manager and accidentally leak stolen accounts appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#web#google#microsoft#intel#c++#auth#chrome
CVE-2023-37766: SEGV on unknown address 0x000000000038 · Issue #2516 · gpac/gpac

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.

CVE-2023-37765: SEGV on unknown address 0x000000000003(0x000000000009) · Issue #2515 · gpac/gpac

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.

CVE-2023-37174: SEGV on unknown address 0x000000012c29 · Issue #2505 · gpac/gpac

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.

CVE-2023-37767: SEGV on unknown address 0x000000000000 · Issue #2514 · gpac/gpac

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.

Botan C++ Crypto Algorithms Library 3.1.0

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

CVE-2023-2079: Changeset 2935565 for buymeacoffee – WordPress Plugin Repository

The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for unauthenticated attackers to update the plugins settings, via a forged request granted the attacker can trick a site's administrator into performing an action such as clicking on a link.

RomCom RAT Targeting NATO and Ukraine Support Groups

The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad. The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023. RomCom, also tracked under the names

GHSA-6628-q6j9-w8vg: gRPC Reachable Assertion issue

There exists an vulnerability causing an abort() to be called in gRPC.  The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != http, https) grpclb_client_stats: x (x == anything) On top of sending one of those headers, a later header must be sent that gets the total header size past 8KB. We recommend upgrading past git commit 2485fa94bd8a723e5c977d55a3ce10b301b437f8 or v1.53 and above.

CVE-2020-22336: pdfcrack / Bugs

An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function.