Lucene search

5610 matches found

Kitploit
added 2024/06/20 3:41 p.m. · 51 views

BokuLoader - A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike's Evasion Features!

A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors:

Contributor | Twitter | Notable Contributions
---|---|---
Bobby Cooke | @0xBoku | Project original author and maintainer
Santiago Pecin | @s4ntiago...

7.5 AI score
Exploits: 0 · References: 14
The Hacker News
added 2024/06/18 1:30 p.m. · 21 views

Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer

Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive...

7.3 AI score
Exploits: 0
OSV
added 2024/06/17 9:15 p.m. · 2 views

DEBIAN-CVE-2024-6064

A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local access is required to...

5.5 CVSS · 4.1 AI score · 0.00298 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2024/06/17 12:0 a.m. · 3 views

PT-2024-37358 · Gpac +1

Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master. Description: A problem was found in the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The issue leads to use after free. Local access is required to...

5.5 CVSS · 5.6 AI score · 0.00298 EPSS
Exploits: 1 · References: 17
Trellix
added 2024/06/17 12:0 a.m. · 10 views

Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion

By Ale Houspanossian · June 17, 2024. Case Summary: It was a quiet Monday morning in March 2024 when the EDR researchers with our Trellix Advanced Research Center identifi...

7.9 AI score
Exploits: 0
SUSE CVE
added 2024/06/15 2:12 a.m. · 5 views

SUSE CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed arbitrary code to be loaded when starting the client with DYLD_INSERT_LIBRARIES set in the environment. It is recommended that the Nextcloud...

7.8 CVSS · 7.7 AI score · 0.0032 EPSS
Exploits: 0 · References: 3
OSV
added 2024/06/15 12:0 a.m. · 6 views

OPENSUSE-SU-2024:13500-1 gdk-pixbuf-loader-rsvg-2.57.0-4.1 on GA media

These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.57.0-4.1 package on the GA media of openSUSE Tumbleweed...

5.5 CVSS · 5.6 AI score · 0.02132 EPSS
Exploits: 1 · References: 1
OSV
added 2024/06/15 12:0 a.m. · 3 views

OPENSUSE-SU-2024:12451-1 gdk-pixbuf-loader-libheif-1.12.0-5.1 on GA media

These are all security issues fixed in the gdk-pixbuf-loader-libheif-1.12.0-5.1 package on the GA media of openSUSE Tumbleweed...

8.1 CVSS · 8.3 AI score · 0.01245 EPSS
Exploits: 1 · References: 1
OSV
added 2024/06/15 12:0 a.m. · 2 views

OPENSUSE-SU-2024:11593-1 gdk-pixbuf-loader-rsvg-2.52.2-2.1 on GA media

These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.52.2-2.1 package on the GA media of openSUSE Tumbleweed...

9.8 CVSS · 9.6 AI score · 0.01666 EPSS
Exploits: 1 · References: 1
OSV
added 2024/06/15 12:0 a.m. · 4 views

OPENSUSE-SU-2024:10986-1 gdk-pixbuf-loader-rsvg-2.50.7-1.5 on GA media

These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.50.7-1.5 package on the GA media of openSUSE Tumbleweed...

7.8 CVSS · 7.1 AI score · 0.02125 EPSS
Exploits: 0 · References: 2
OSV
added 2024/06/15 12:0 a.m. · 5 views

OPENSUSE-SU-2024:13502-1 gdk-pixbuf-loader-libheif-1.17.5-2.1 on GA media

These are all security issues fixed in the gdk-pixbuf-loader-libheif-1.17.5-2.1 package on the GA media of openSUSE Tumbleweed...

8.8 CVSS · 8.8 AI score · 0.00804 EPSS
Exploits: 2 · References: 2
Rockylinux
added 2024/06/14 1:59 p.m. · 36 views

grub2 security update

An update is available for grub2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a...

7.8 CVSS · 7 AI score · 0.00536 EPSS
Exploits: 2
OSV
added 2024/06/14 11:8 a.m. · 5 views

OESA-2024-1714 grub2 security update

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. (CVE-2021-46848)...

9.1 CVSS · 7 AI score · 0.02062 EPSS
Exploits: 1 · References: 2
OSV
added 2024/06/07 11:8 a.m. · 6 views

OESA-2024-1700 grub2 security update

GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn. Security Fixes: GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. (CVE-2021-46848)...

9.1 CVSS · 7 AI score · 0.02062 EPSS
Exploits: 1 · References: 2
OSV
added 2024/06/06 9:30 p.m. · 2 views

GHSA-3HJH-JH2H-VRG6 Denial of service in langchain-community

Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...

4.2 CVSS · 5.8 AI score · 0.00301 EPSS
Exploits: 1 · References: 7
PyPA
added 2024/06/06 7:15 p.m. · 6 views

PYSEC-2024-118

A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...

4.7 CVSS · 6.9 AI score · 0.00301 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2024/06/06 7:15 p.m. · 12 views

PYSEC-2024-118

A Denial-of-Service (DoS) vulnerability exists in the SitemapLoader class of the langchain-ai/langchain repository, affecting all versions. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the...

4.7 CVSS · 5.8 AI score · 0.00301 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2024/06/06 12:0 a.m. · 4 views

PT-2024-22949 · Langchain Ai · Langchain

Name of the Vulnerable Software and Affected Versions: langchain-ai/langchain versions prior to 0.2.5; langchain-community versions prior to 0.2.5. Description: A Denial-of-Service (DoS) issue exists in the SitemapLoader class due to the parse_sitemap method lacking a mechanism to prevent infinite...

4.7 CVSS · 5 AI score · 0.00301 EPSS
Exploits: 1 · References: 14
FreeBSD
added 2024/06/03 12:0 a.m. · 29 views

GLPI -- multiple vulnerabilities

GLPI team reports: GLPI 10.0.16 Changelog: [SECURITY - high] Account takeover via SQL Injection in AJAX scripts (CVE-2024-37148); [SECURITY - high] Remote code execution through the plugin loader (CVE-2024-37149); [SECURITY - moderate] Authenticated file upload to restricted tickets (CVE-2024-37147)...

8.8 CVSS · 9 AI score · 0.2124 EPSS
Exploits: 1 · References: 4
Tenable Nessus
added 2024/06/03 12:0 a.m. · 31 views

RHEL 9 : pcs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
- async: Prototype Pollution in async (CVE-2021-43138)
- The glob-parent package before 6.0.1 for Node.js...

7.8 CVSS · 8.6 AI score · 0.03346 EPSS
Exploits: 4 · References: 5