PT-2022-3849 · Nginx · Nginx Njs

Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.3 Description: The issue is caused by a stack overflow in the njs default module loader function at /src/njs/src/njs module.c of the Nginx NJS interpreter. This could allow a remote attacker to impact the confidentiality...

Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems

Cybersecurity researchers have detailed a "simple but efficient" persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. "The attack starts with a malicious Word...

Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique

This blog post was authored by Ankur Saini, with contributions from Hossein Jazi and Jérôme Segura 2022-04-07: Added MITRE ATT&CK mappings 2022-04-07: Changed the name of the final payload from Vidar to Mars Stealer Colibri Loader is a relatively new piece of malware that first appeared on...

The vulnerability of the QPluginLoader component in the cross-platform development framework for Qt software allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the QPluginLoader component in the cross-platform software development framework for Qt relates to the ability to load plugins from the working directory. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and...

Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation

Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an "advanced multi-layered virtual machine" used by the malware to fly under the radar. Wslink, as the malicious loader is called, was...

PlugX: A Talisman to Behold

PlugX: A Talisman to Behold By Max Kersten, Marc Elias, Leandro Velasco, and Alexandre Mundo Alguacil · March 28, 2022 For over a decade, the PlugX malware has been observed internationally with different variants found around the world. This blog covers a PlugX variant that we have named Talisma...

CVE-2022-27938

stbimage.h aka the stb image loader 2.19, as used in libsixel and other products, has a reachable assertion in stbicreatepngimageraw...

DEBIAN-CVE-2022-27938

stbimage.h aka the stb image loader 2.19, as used in libsixel and other products, has a reachable assertion in stbicreatepngimageraw...

CVE-2022-27938

stbimage.h aka the stb image loader 2.19, as used in libsixel and other products, has a reachable assertion in stbicreatepngimageraw...

Authentication flaw

stbimage.h aka the stb image loader 2.19, as used in libsixel and other products, has a reachable assertion in stbicreatepngimageraw...

UBUNTU-CVE-2022-27938

stbimage.h aka the stb image loader 2.19, as used in libsixel and other products, has a reachable assertion in stbicreatepngimageraw...

CVE-2022-27938

CVE-2022-27938 affects stb_image.h version 2.19 (used by libsixel and other products). The issue is a reachable assertion in stbi__create_png_image_raw. Documented impact indicates a local impact with a high availability impact per CVSS 3.1 (vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) a...

stb_image.h 安全漏洞

stb is a single-file public domain library for C/C ++. stbimage.h is one of the image loaders. A security vulnerability exists in stbimage.h aka stb image loader 2.19, which stems from an assertion error in stbicreatepngimageraw...

Remote Code Execution (RCE)

post-loader is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization in an unsecure parser which allows an attacker to execute maliciously crafted script in the system...

@kamilic-pkg/toolbox (>=1.0.0 <=1.1.0), @q7/cli (>=0.0.2 <=0.2.0) +8 more potentially affected by CVE-2022-0748 via post-loader (>=1.1.2 <=2.0.0)

post-loader NPM version =1.1.2, =1.0.0, =0.0.2, =0.0.2, =0.1.0, =0.0.4, =0.0.1, =2.6.21, =0.0.2, =0.0.4 Source cves: CVE-2022-0748 Source advisory: OSV:GHSA-66WW-999Q-MFFQ...

GHSA-66WW-999Q-MFFQ Arbitrary code execution in post-loader

post-loader is webpack loader for blog posts written in Markdown. The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. At this time, there...

CVE-2022-0748

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...

CVE-2022-0748

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...

CVE-2022-0748

CVE-2022-0748 affects the post-loader package (Webpack loader for Markdown blog posts). The root cause is unsafe handling of a Markdown parser which allows JavaScript in Markdown inputs to be evaluated and executed, enabling arbitrary code execution. Affected versions are 0.0.0 and later. Public ...

CVE-2022-0748

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...