Advisory ROSA-SA-2023-2300
Software: grub2 2.02; OS: ROSA Virtualization 2.1; packageevrstring: grub2-2.02-106.0.3.rv3.src.rpm; CVE-ID: CVE-2020-14372; BDU-ID: 2022-00326; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the Secure Boot protocol implementation of the Grub2 operating system boot loader is related to an incorrect...
Improper Restriction of Operations within the Bounds of a Memory Buffer
Overview: Affected versions of this package are vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. An attacker can cause a denial of service by exploiting this vulnerability...
CVE-2023-48105
A heap overflow vulnerability discovered in Bytecode Alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c...
WebAssembly Micro Runtime Security Vulnerability
WebAssembly Micro Runtime (WAMR) is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments (TEEs), smart...
PT-2023-35593 · Git +1 · Vulkan-Loader
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ, with a crash state involving functions such as loader log, loader scanned icd add, and loader icd...
loader-utils: prototype pollution in function parseQuery in parseQuery.js
A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution...
AMD EPYC Security Vulnerability
AMD EPYC is a line of x86 architecture server microprocessors from AMD, known in Chinese as "Xiao Long", utilizing the Zen microarchitecture. A security vulnerability exists in AMD EPYC: inadequate input validation in the ASP boot loader could allow a privileged attacker with...
AMD EPYC Security Vulnerability
AMD EPYC is a line of x86 architecture server microprocessors from AMD, known in Chinese as "霄龙", which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC: improperly clearing sensitive data from the ASP boot loader could expose keys to ...
Default printer becomes "Webex Document Loader"
Even with the Citrix policy "Do not adjust the user’s default printer" set, the default printer becomes "Webex Document Loader" after logging in...
CVE-2023-43572
A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information...
Lenovo Desktops Buffer Error Vulnerability
Lenovo Desktops are desktop computers from the Chinese company Lenovo. A security vulnerability exists in Lenovo Desktop that originates from a buffer over-read in the BiosExtensionLoader module...
Lenovo Desktops Security Breach
Lenovo Desktops are desktop computers from the Chinese company Lenovo. A security vulnerability exists in Lenovo Desktop that originates from a buffer overflow in the BiosExtensionLoader module...
Dvenom - Tool That Provides An Encryption Wrapper And Loader For Your Shellcode
Double Venom (DVenom) is a tool that helps red teamers bypass AVs by providing an encryption wrapper and loader for your shellcode. Capable of bypassing some well-known antivirus (AVs). Offers multiple encryption methods including RC4, AES256, XOR, and ROT. Produces source code in C, Rust, PowerShell...
A vulnerability was discovered in the PyYAML library in versions before 5.4 where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
...
CVE-2023-46084
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2...
CVE-2023-46084 WordPress Icons Font Loader Plugin <= 1.1.2 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2...