#pdf

CVE-2023-26937: xpdf_Stack-backtracking/Stack_backtracking_gstring at main · huanglei3/xpdf_Stack-backtracking

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via GString::resize located in goo/GString.cc

CVE-2023-26938

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock located in goo/gfile.cc.

CVE-2023-26936: publicize CVE

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via gmalloc in gmem.cc

CVE-2021-23203: [SEC] CVE-2021-23203 - Improper access control in reporting engine o... · Issue #107695 · odoo/odoo

Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.

Iranian Hackers Launch Sophisticated Attacks Targeting Israel with Powerless Backdoor

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits "strong overlaps" with a hacking crew known as APT35, Charming Kitten, Cobalt

Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware

A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week.  The Apple device management company attributed it

CVE-2023-29780: IoT-CVE/Third Reality Smart Blind Vulnerability Report.pdf at main · iot-sec23/IoT-CVE

Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes.

CVE-2023-30544: Kiwi TCMS 12.2

Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch. No known workarounds exist.

New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web

A new "all-in-one" stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin said. "It also contains environment checking and Anti-VM functions. Its primary purpose seems to be to

CVE-2023-23817: WordPress Simple PDF Viewer plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin <= 1.9 versions.