GHSA-V558-FHW2-V46W Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin

Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

CVE-2021-21170

Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox URL bar via a crafted HTML page...

CVE-2022-29032

A vulnerability has been identified in JT2Go All versions V13.3.0.3, Teamcenter Visualization V13.3 All versions V13.3.0.3, Teamcenter Visualization V14.0 All versions V14.0.0.1. The CGMNISTLoader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An...

CVE-2022-29030

A vulnerability has been identified in JT2Go All versions V13.3.0.3, Teamcenter Visualization V13.3 All versions V13.3.0.3, Teamcenter Visualization V14.0 All versions V14.0.0.1. The MonoLoader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An...

CVE-2022-29030

A vulnerability has been identified in JT2Go All versions V13.3.0.3, Teamcenter Visualization V13.3 All versions V13.3.0.3, Teamcenter Visualization V14.0 All versions V14.0.0.1. The MonoLoader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An...

CVE-2022-29028

A vulnerability has been identified in JT2Go All versions V13.3.0.3, Teamcenter Visualization V13.3 All versions V13.3.0.3, Teamcenter Visualization V14.0 All versions V14.0.0.1. The TiffLoader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker...

CVE-2022-29033

A vulnerability has been identified in JT2Go All versions V13.3.0.3, Teamcenter Visualization V13.3 All versions V13.3.0.3, Teamcenter Visualization V14.0 All versions V14.0.0.1. The CGMNISTLoader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. A...

CVE-2022-29033

A vulnerability has been identified in JT2Go All versions V13.3.0.3, Teamcenter Visualization V13.3 All versions V13.3.0.3, Teamcenter Visualization V14.0 All versions V14.0.0.1. The CGMNISTLoader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. A...

CVE-2022-29028

A vulnerability has been identified in JT2Go All versions V13.3.0.3, Teamcenter Visualization V13.3 All versions V13.3.0.3, Teamcenter Visualization V14.0 All versions V14.0.0.1. The TiffLoader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker...

CVE-2022-29031

A vulnerability has been identified in JT2Go All versions V13.3.0.3, Teamcenter Visualization V13.3 All versions V13.3.0.3, Teamcenter Visualization V14.0 All versions V14.0.0.1. The CGMNISTLoader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An...

CVE-2022-29029

A vulnerability has been identified in JT2Go All versions V13.3.0.3, Teamcenter Visualization V13.3 All versions V13.3.0.3, Teamcenter Visualization V14.0 All versions V14.0.0.1. The CGMNISTLoader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An...

Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang

The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. "Most of Wizard Spider's efforts go into hacking European and U.S. businesses, with a special cracking tool used by some of their attackers to...

The vulnerability of the Android operating system’s kernel loader, allowing a hacker to execute arbitrary code

The vulnerability of the Android operating system’s kernel loader is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

GHSA-87R7-Q54J-F9QG OpenStack Murano Code Execution

OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...

GHSA-VPR3-F594-MG5G Improper Control of Generation of Code ('Code Injection') in Spring Framework

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs0=jar: followed by a URL of a crafted .jar file...

Das U-Boot 安全漏洞

Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in Das U-Boot, which stems from nfslookupreply in net/nfs.c having an infinite...

Process_Overwriting - Yet Another Variant Of Process Hollowing

Process Overwriting is a PE injection technique, closely related to Process Hollowing and Module Overloading Process Hollowing aka RunPE is an old and popular PE injection technique. It comes in has variety of flavors, but there are some steps in common: 1. Start by creating a process in a...

The vulnerability of the configuration file loader for WebUI devices of PHOENIX CONTACT RAD-ISM-900-EN-* allows a attacker to execute arbitrary code with root privileges.

The vulnerability of the configuration file loader for WebUI devices of PHOENIX CONTACT RAD-ISM-900-EN- exists due to insufficient checks on the integrity of the firmware. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with root privileges...

CVE-2021-26361

A malicious or compromised User Application UApp or AGESA Boot Loader ABL could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure...

Information disclosure

A malicious or compromised User Application UApp or AGESA Boot Loader ABL could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure...