CVE-2022-35912
In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...
Code injection
In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 at least when certain Java 8 configurations are used, data binding allows a remote attacker to execute code by gaining access to the class loader...
Grails code injection vulnerability
Grails is an open source framework from the Grails project, based on the Groovy programming language, for the rapid development of web applications. A security vulnerability in Grails-databinding versions prior to 3.3.15, 4.x versions prior to 4.1.1, 5.x versions prior to 5.1.9, and 5.2.x...
Malicious Package
Overview: deere-ui-loader is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...
The vulnerability of the loader for microprogramming software SEPCOS Single Package relay controllers and Secheron SEPCOS systems allows a hacker to load arbitrary files.
The vulnerability of the file loading handler in the microprogramming software SEPCOS Single Package Relays and Security Devices Secheron SEPCOS is related to the improper implementation of the sequence of actions to be performed. Exploiting this vulnerability allows a malicious actor to load any...
Malicious code in bc-image-loader (npm)
Source: ghsa-malware 1f9a3588bff533b8322b9e36266236764d4c1404bc04e9480315d04aa9a292a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1476 Malicious code in bc-image-loader (npm)
Source: ghsa-malware 1f9a3588bff533b8322b9e36266236764d4c1404bc04e9480315d04aa9a292a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-25046
A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request...
PT-2022-17062 · Cwp · Cwp
Name of the Vulnerable Software and Affected Versions: CWP version 0.9.8.1122 Description: A path traversal vulnerability in loader.php allows attackers to execute arbitrary code via a crafted POST request. Recommendations: For CWP version 0.9.8.1122, consider disabling the loader.php file until ...
The vulnerability of the CGM_NIST_Loader.dll library, a tool for 3D JT and JT2Go viewing, as well as the Teamcenter Visualization lifecycle management system, allows attackers to execute arbitrary code.
The vulnerability of the CGM_NIST_Loader.dll library, used by the 3D JT and JT2Go visualization tools, as well as the Teamcenter Visualization lifecycle management system, is related to the re-release of memory during syntax analysis of CGM files. Exploiting this vulnerability could allow attackers...
The vulnerability of the CGM_NIST_Loader.dll library, a tool for 3D JT and JT2Go viewing, as well as the Teamcenter Visualization lifecycle management system, allows attackers to trigger a service failure.
The vulnerability of the CGM_NIST_Loader.dll library, used by the 3D JT and JT2Go visualization tools, as well as the Teamcenter Visualization lifecycle management system, is related to errors in pointer assignment during CGM file syntax analysis. Exploiting this vulnerability can allow attackers t...
The vulnerability of the Mono_Loader.dll library, used by 3D JT and JT2Go visualization tools, as well as the Teamcenter Visualization lifecycle management system, allows a hacker to trigger a service failure.
The vulnerability of the Mono_Loader.dll library, which is used by 3D JT and JT2Go visualization tools, as well as the Teamcenter Visualization lifecycle management system, is related to a numerical overflow issue during syntax analysis of TG4 files. Exploiting this vulnerability can allow attacke...
Debian DSA-5176-1 : blender - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5176 advisory. Multiple vulnerabilities have been discovered in various image parsers in Blender, a 3D modeller/renderer, which may result in denial of service or the...
Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers
A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence...
Das U-Boot buffer error vulnerability
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios & MicroBlaze. A security vulnerability exists in Das U-Boot versions v2020.10 through v2022.07-rc3. An attacker can...
Bronze Starlight uses loader malware to deploy ransomware
Bronze Starlight, a Chinese APT, is deploying ransomware LockFile, AtomSilo, Rook, Night Sky, and Pandora via the HUI loader malware to carry out double extortion...
opensearch-ruby code issue vulnerability
opensearch-ruby is an open source Ruby client for OpenSearch from opensearch-project. A code issue vulnerability exists in opensearch-ruby that stems from the use of the Ruby YAML.load function instead of YAML.safe_load in versions prior to 2.0.1. As a result, opensearch-ruby 2.0.0 and earlier may...