Security
Headlines
HeadlinesLatestCVEs

Tag

#pdf

CVE-2022-41842: Download Xpdf and XpdfReader

An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.

CVE
Open in Source
#mac#windows#linux#apache#pdf
CVE-2022-41844: segmemtation fault at xpdf-4.04/xpdf/AcroForm.cc:538 - forum.xpdfreader.com

An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.

What is User Flow and how to make one?

By Owais Sultan User Flow is a technique that allows you to quickly map the entire flow of screens on your… This is a post from HackRead.com Read the original post: What is User Flow and how to make one?

CVE-2022-40407: Security issues - Chamilo LMS

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.

Researchers Uncover Covert Attack Campaign Targeting Military Contractors

A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEP#MAVERICK by Securonix, also targeted a strategic supplier to the F-35 Lightning II fighter aircraft. "The attack was carried out

CVE-2022-38222: [BUG] use-after-free in pdfimages,xpdf-4.04 - forum.xpdfreader.com

There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

Sophisticated Covert Cyberattack Campaign Targets Military Contractors

Malware used in the STEEP#MAVERICK campaign features rarely seen obfuscation, anti-analysis, and evasion capabilities.

CVE-2022-40942: vulnerability/stack overflow via compare_parentcontrol_time.pdf at main · Rumble0x0/vulnerability

Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.

Time to Change Our Flawed Approach to Security Awareness

Defend against phishing attacks with more than user training. Measure users' suspicion levels along with cognitive and behavioral factors, then build a risk index and use the information to better protect those who are most vulnerable.

Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware

A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT). "This campaign features enhancements and a shift toward LNK (Windows shortcut) files when compared to similar attacks in the past," Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a Tuesday write-up. Sold on the dark web for €