5604 matches found

BDU FSTEC
added 2022/01/20 12:0 a.m., 5 views

The vulnerability in the implementation of Grub2 operating system loaders allows attackers to gain access to confidential data, affect the integrity of data, and cause service failures.

The vulnerability of the Grub2 operating system loader implementation is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to access confidential data, compromise data integrity, and cause service failures...

CVSS 6.8, AI score 7.2, EPSS 0.00573
Exploits 0, References 19, Affected Software 14

BDU FSTEC
added 2022/01/20 12:0 a.m., 5 views

The vulnerability in the implementation of the Setparam_prefix() function of the Grub2 operating system’s loader allows a perpetrator to gain access to confidential data, affect the integrity of the data, and cause service failures.

The vulnerability of the Setparamprefix function in the Grub2 operating system loader is related to the operation going beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to access confidential data, compromise data integrity, and cause service failures...

CVSS 8.2, AI score 7, EPSS 0.0061
Exploits 0, References 19, Affected Software 15

BDU FSTEC
added 2022/01/20 12:0 a.m., 6 views

The vulnerability in the implementation of the rmmod command for the Grub2 operating system allows a hacker to gain access to confidential data, affect the integrity of the data, and cause service failures.

The vulnerability of the rmmod command, which is used by the Grub2 operating system loader, lies in the lack of checks to ensure that loaded modules are indeed present. Exploiting this vulnerability can allow an attacker to access confidential data, compromise data integrity, and cause service...

CVSS 8.2, AI score 6.8, EPSS 0.01152
Exploits 0, References 18, Affected Software 14

OSV
added 2022/01/18 5:15 p.m., 3 views

CVE-2022-0232

The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loadertext parameter found in the /includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary we...

CVSS 4.8, AI score 5.8, EPSS 0.00856
Exploits 1, References 3

The Hacker News
added 2022/01/13 2:6 p.m., 19 views

Researchers Decrypted Qakbot Banking Trojan's Encrypted Registry Keys

Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly...

AI score 2.6
Exploits 0

Kitploit
added 2022/01/07 12:30 p.m., 20 views

Mortar - Evasion Technique To Defeat And Divert Detection And Prevention Of Security Products (AV/EDR/XDR)

Red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of selected binary inside the memory streams and executes it directly without writing any malicious indicator into the hard-drive. Mortar is able to...

AI score 7.6
Exploits 0, References 1

Positive Technologies
added 2022/01/02 12:0 a.m., 3 views

PT-2022-4819

Name of the Vulnerable Software and Affected Versions: Blender versions 2.93.8 through 3.x
Description: The issue is related to a missing bounds check in the image loader, leading to out-of-bounds heap access. This allows an attacker to cause denial of service, memory corruption, or potentially cod...

CVSS 7.8, AI score 7.4, EPSS 0.01135
Exploits 0, References 34

ATTACKERKB
added 2022/01/01 12:15 a.m., 4 views

CVE-2021-45948

Open Asset Import Library aka assimp 5.1.0 and 5.1.1 has a heap-based buffer overflow in m3dsafestr called from m3dload and Assimp::M3DWrapper::M3DWrapper...

CVSS 5.5, AI score 6.2, EPSS 0.00942
Exploits 1, References 4

Gitee
added 2021/12/31 8:40 p.m., 5 views

EvilOSX

This is a Python-based Remote Administration Tool (RAT) for macOS/OS X, known as EvilOSX. It is a modular system that allows users to extend its functionality by creating custom modules. The tool is designed to be undetectable by anti-virus software, using OpenSSL AES-256 encryption for its payload...

AI score 7.4
Exploits 0

OPENSUSE Linux
added 2021/12/28 12:0 a.m., 56 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium
Announcement ID: openSUSE-SU-2021:1632-1
Rating: important
References: 1192310 1192734 1193519 1193713
Cross-References: CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012...

CVSS 9.6, AI score 9.3, EPSS 0.07836
Exploits 2, References 4

GithubExploit
added 2021/12/24 4:23 a.m., 699 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-CVE-2021-44228-workaround A. Solution Description =====...

CVSS 10, AI score 9.2, EPSS 0.99999
Exploits 347

ATTACKERKB
added 2021/12/23 1:15 a.m., 7 views

CVE-2021-4059

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5, AI score 7.2, EPSS 0.01265
Exploits 0, References 7

ATTACKERKB
added 2021/12/23 1:15 a.m., 4 views

CVE-2021-4056

Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 7.7, EPSS 0.01387
Exploits 0, References 7

OSV
added 2021/12/23 1:15 a.m., 1 view

DEBIAN-CVE-2021-4056

Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 8.2, EPSS 0.01387
Exploits 0, References 1

OSV
added 2021/12/23 1:15 a.m., 1 view

DEBIAN-CVE-2021-4059

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5, AI score 7.5, EPSS 0.01265
Exploits 0, References 1

OSV
added 2021/12/23 1:15 a.m., 0 views

DEBIAN-CVE-2021-38005

Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 8.4, EPSS 0.00982
Exploits 0, References 1

Prion
added 2021/12/23 1:15 a.m., 16 views

Design/Logic Flaw

Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 6.8, AI score 9, EPSS 0.00982
Exploits 0, References 4, Affected Software 3

OSV
added 2021/12/23 1:15 a.m., 0 views

UBUNTU-CVE-2021-38005

Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 7.3, EPSS 0.00982
Exploits 0, References 4

OSV
added 2021/12/23 1:15 a.m., 2 views

UBUNTU-CVE-2021-4059

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5, AI score 7.3, EPSS 0.01265
Exploits 0, References 2

OSV
added 2021/12/23 1:15 a.m., 0 views

UBUNTU-CVE-2021-4056

Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 7.3, EPSS 0.01387
Exploits 0, References 2