5602 matches found
Remote Code Execution (RCE)
Chromium is vulnerable to remote code execution. The vulnerability is due to a use-after-free issue in the Loader component...
Chromium: CVE-2021-30548 Use after free in Loader
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Google Chrome use-after-free vulnerability (CNVD-2021-43405)
Chrome is a web browser developed by Google, characterized by its simplicity and speed. A use-after-free vulnerability exists in Loader in Google Chrome versions prior to 91.0.4472.101. No vulnerability details are provided at this time...
Google Chrome resource management error vulnerability
Chrome is a web browser developed by Google, characterized by its simplicity and speed. A use-after-free vulnerability exists in Loader in Google Chrome versions prior to 91.0.4472.101. No vulnerability details are provided at this time...
SUSE: Security Advisory (SUSE-SU-2017:3441-1)
The remote host is missing an update for the...
Siemens Jt2go buffer error vulnerability
Siemens Jt2go is a JT file viewer from Siemens Germany. Siemens Teamcenter Visualization is software that provides teamwork capabilities for designing 2D and 3D scenarios. An out-of-bounds write vulnerability exists in Siemens JT2Go and Teamcenter Visualization. The vulnerability is caused due t...
FreeBSD : PyYAML -- arbitrary code execution (c7ec6375-c3cf-11eb-904f-14dae9d5a9d2)
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
EulerOS 2.0 SP9 : pyyaml (EulerOS-SA-2021-1937)
According to the version of the pyyaml package installed, the EulerOS installation on the remote host is affected by the following vulnerability: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes...
WebKit WebKitGTK resource management error vulnerability
WebKitGTK+ is a full-featured port of the WebKit engine and includes all of WebKit's features. A resource management error vulnerability exists in WebKit WebKitGTK, which stems from a problem with the way certain events are handled by the ImageLoader image loading object in WebKit WebKitGTK 2.30....
Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorpiex...
RHEL 8 : shim (RHSA-2021:1734)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1734 advisory. The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments...
Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-1912)
The remote host is missing an update for the Huawei EulerOS...
grub2: Stack buffer overflow in grub_parser_split_cmdline()
A flaw was found in grub2. Variable names present in the supplied command line are expanded into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with...
Moderate: Red Hat Security Advisory: shim security update
An update for shim, shim-unsigned-aarch64, and shim-unsigned-x64 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
vulkan bug fix and enhancement update
An update is available for spirv-tools, vulkan-loader, vulkan-headers, vulkan-validation-layers, vulkan-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Fo...
RLSA-2021:1734 Moderate: shim security update
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fixes: grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372); grub2: Use-after-free in...
shim security update
An update is available for shim-unsigned-aarch64. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The shim package contains a first-stage UEFI boot loader that...
Moderate: shim security update
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments. Security Fixes: grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372); grub2: Use-after-free in...
Ubuntu 20.04 LTS : PyYAML vulnerability (USN-4940-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4940-1 advisory. It was discovered that PyYAML incorrectly handled untrusted YAML files with the FullLoader loader. A remote attacker could possibly use this issue to execute...