5606 matches found
SUSE CVE-2022-27938
stbimage.h aka the stb image loader 2.19, as used in libsixel and other products, has a reachable assertion in stbicreatepngimageraw...
SUSE CVE-2022-28737
There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...
SUSE CVE-2022-30790
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552...
SUSE CVE-2022-40307
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free...
The vulnerability of the Google Chrome web browser’s downloader, related to insufficient validation of input data, allows a hacker to access confidential information.
The vulnerability of the Google Chrome web browser loader is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information through a specially created HTML page...
loader-utils: Regular expression denial of service
A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service ReDoS, affecting the availability of the affected component...
No More Macros? Better Watch Your Search Results!
No More Macros? Better Watch Your Search Results! By Pham Duy Phuc and Max Kersten · February 08, 2023 Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique. Malicious macros in...
No More Macros? Better Watch Your Search Results!
No More Macros? Better Watch Your Search Results! By Pham Duy Phuc · February 08, 2023 This blog was also written by Max Kersten Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique...
Ransomware and Commodity Loader Topic Summary Report: Cisco Talos Year in Review 2022
The ransomware space is dynamic, continually adapting to changes in the geopolitical environment, actions by defenders, and efforts by law enforcement, which increased in scope and intensity in 2022. This leads groups to rebrand under different names, shut down operations, and form new strategic...
FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection
An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware. "The loaders, dubbed MalVirt, use obfuscated virtualization for anti-analysis and evasion along with the Windows Process Explorer driver for...
Malicious Package
Overview vue-loader10 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview vue-loader21 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview vue-loader11 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview vue-loader15 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview vue-loader19 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious Package
Overview vue-loader18 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Gootkit Malware Continues to Evolve with New Components and Obfuscations
The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565 , noting that the usage of the malware is...
Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices
Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems. "This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Window...
Improper Input Validation
Overview directxtexdesktopwin10 is a DirectXTex texture processing library Affected versions of this package are vulnerable to Improper Input Validation in the ConvertToSinglePlane function in DirectXTexConvert.cpp, when processing an invalid height value from the DDS loader for planar video...
Improper Input Validation
Overview directxtexdesktop2019 is a DirectXTex texture processing library Affected versions of this package are vulnerable to Improper Input Validation in the ConvertToSinglePlane function in DirectXTexConvert.cpp, when processing an invalid height value from the DDS loader for planar video...