Aggregator

A vulnerability, which was classified as problematic, was found in Mozilla Firefox up to 95. Affected is an unknown function. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2022-22742. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 95 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Popup Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-22741. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 95 and classified as problematic. Affected by this issue is some unknown functionality of the component Network Request Handler. The manipulation leads to use after free. This vulnerability is handled as CVE-2022-22740. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 95. It has been classified as problematic. This affects an unknown part. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-22738. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 95. It has been declared as problematic. This vulnerability affects unknown code of the component Audio File Handler. The manipulation leads to use after free. This vulnerability was named CVE-2022-22737. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 95 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to permission issues. This vulnerability is known as CVE-2022-22736. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 95. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to Remote Code Execution. This vulnerability is handled as CVE-2022-22739. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Thunderbird up to 91.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Edit Mode. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2022-22742. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 91.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Fullscreen Mode. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-22741. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 91.4. It has been classified as problematic. This affects an unknown part of the component Network Object Handler. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2022-22740. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 91.4. It has been declared as problematic. This vulnerability affects unknown code of the component CSS Filter Handler. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2022-22738. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 91.4. It has been rated as problematic. This issue affects some unknown processing of the component Audio File Handler. The manipulation leads to use after free. The identification of this vulnerability is CVE-2022-22737. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 91.4 and classified as critical. This issue affects some unknown processing. The manipulation leads to Remote Code Execution. The identification of this vulnerability is CVE-2022-22739. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Droit Elementor Addons Plugin up to 3.1.5 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2252. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ThemeIsle Orbit Fox Widget up to 2.10.32 on WordPress and classified as problematic. This issue affects some unknown processing of the component Registration Form Widget. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-2126. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in UnitedOver Digits Plugin 8.4.1 on WordPress. Affected is the function digits_save_settings. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-0203. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in wpdevteam EmbedPress Plugin up to 3.9.10 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Embed Widget. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-2128. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Metform Elementor Contact Form Builder Plugin up to 3.8.3 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-1585. The attack can be launched remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： 网络安全研究人员发现了一种与已知后门程序BPFDoor相关的新型控制器组件。该组件被用于2024年针对韩国、中国香港、缅甸、马来西亚和埃及电信、金融及零售行业的网络攻击。 趋势科技研究员Fernando Mercês在本周发布的技术报告中指出：该控制器可开启反向Shell，使攻击者通过横向移动深入受感染网络，控制更多系统或获取敏感数据。 该活动被中等置信度归因于追踪代号为Earth Bluecrow的威胁组织（亦被称为DecisiveArchitect、Red Dev 18和Red Menshen）。置信度较低的原因是BPFDoor恶意软件源代码已于2022年泄露，意味着其他黑客组织可能也在使用该工具。 BPFDoor是一款Linux后门程序，最早于2022年曝光。公开披露前至少一年，该恶意软件已被用作针对亚洲和中东实体的长期间谍工具。 其最显著特点是能为攻击者创建持久且隐蔽的通道，长期控制受感染工作站并窃取敏感数据。 该恶意软件得名于其使用的伯克利数据包过滤器（BPF）技术。该技术允许程序将网络过滤器附加到开放套接字，通过检查传入数据包并监测特定Magic Byte序列触发恶意行为。 Mercês解释：由于目标操作系统对BPF的实现方式，即使防火墙拦截了数据包，Magic Packet仍能触发后门——当数据包抵达内核的BPF引擎时，驻留的后门即被激活。此类特性常见于Rootkit，但在后门程序中极为罕见。 趋势科技最新分析发现，受攻击的Linux服务器还被一种此前未记录的恶意控制器感染。该控制器用于在横向移动后访问同一网络内其他受感染主机。 Mercês补充：控制器在发送BPFDoor植入的BPF过滤器所检测的Magic Packet前，会要求用户输入密码，该密码也将在BPFDoor端进行验证。 随后，控制器会根据提供的密码和命令行选项，指示受感染设备执行以下操作之一： 开启反向Shell 将新连接重定向至指定端口的Shell 确认后门处于活跃状态 需特别指出的是，控制器发送的密码必须与BPFDoor样本中的硬编码值匹配。该控制器除支持TCP、UDP和ICMP协议控制受感染主机外，还可启用加密模式确保通信安全。 此外，控制器支持直接模式（Direct Mode）——当输入正确密码时，攻击者可直连受感染设备并获取远程访问Shell。 Mercês警告：BPF为恶意软件开发者开启了未被探索的新可能。作为威胁研究人员，必须通过分析BPF代码为未来威胁做好准备，这将帮助组织抵御基于BPF的攻击。       消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络；  转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Adobe Flash Player. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2015-3124. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.