Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-47471: SEGV in libde265 in slice_segment_header::dump_slice_segment_header · Issue #426 · strukturag/libde265

Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component.

CVE
Open in Source
#vulnerability#ubuntu#dos#git#c++#buffer_overflow
CVE-2023-47470: avcodec/evc_ps: Check ref_pic_num and sps_max_dec_pic_buffering_minus1 · FFmpeg/FFmpeg@4565747

Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c

GHSA-6944-6pmv-6mp2: free5gc Buffer Overflow vulnerability

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero.

CVE-2023-48200: GitHub - grocy/grocy: ERP beyond your fridge - Grocy is a web-based self-hosted groceries & household management solution for your home

Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component.

Ransomware review: November 2023

In September, two high-profile casino breaches taught us about the nuances of the RaaS affiliate landscape, the asymmetric dangers of phishing, and of two starkly different approaches to ransomware negotiation.

CVE-2023-47444: Static Code Injections in OpenCart (CVE-2023-47444)

An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server.

CVE-2023-47347: [Bugs] UPF crash caused by malformed PFCP messages whose Sequence Number is mutated to overflow bytes · Issue #496 · free5gc/free5gc

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes.

CVE-2023-47345: [Bugs] UPF crash caused by malformed PFCP messages whose 1st IE length is mutated to zero · Issue #483 · free5gc/free5gc

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero.

Chinese Scammers Exploit Cloned Websites in Vast Gambling Network

By Waqas Chinese scammers have been creating cloned versions of legitimate websites, redirecting visitors to gambling sites. This is a post from HackRead.com Read the original post: Chinese Scammers Exploit Cloned Websites in Vast Gambling Network

CVE-2023-47637: SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()

Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.