GHSA-87R7-Q54J-F9QG OpenStack Murano Code Execution

OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...

Elfloader - An Architecture-Agnostic ELF File Flattener For Shellcode

elfloader is a super simple loader for ELF files that generates a flat in-memory representation of the ELF. Pair this with Rust and now you can write your shellcode in a proper, safe, high-level language. Any target that LLVM can target can be used, including custom target specifications for real...

ALEA-2022:0354 vulkan bug fix and enhancement update

The vulkan packages contain the reference ICD loader and validation layers for Vulkan, a graphics and compute API for cross-platform access to modern GPUs. Bug Fixes and Enhancements: Rebase vulkan-loader in 8.6 BZ2016391 Rebase vulkan-headers in 8.6 BZ2016392 Rebase spirv-headers in 8.6 BZ201639...

Mortar - Evasion Technique To Defeat And Divert Detection And Prevention Of Security Products (AV/EDR/XDR)

red teaming evasion technique to defeat and divert detection and prevention of security products.Mortar Loader performs encryption and decryption of selected binary inside the memory streams and execute it directly with out writing any malicious indicator into the hard-drive. Mortar is able to...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:1632-1 Rating: important References: 1192310 1192734 1193519 1193713 Cross-References: CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012...

DEBIAN-CVE-2021-4059

Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

DEBIAN-CVE-2021-4056

Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2021-38005

Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Design/Logic Flaw

Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2021-4056

Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2021-4056

CVE-2021-4056 is a type-confusion vulnerability in the loader component of the Chromium browser engine, present in Chrome/Chromium prior to version 96.0.4664.93. A remote attacker could potentially cause arbitrary code execution through a crafted HTML page, as described in multiple vendor advisor...

CVE-2021-38005

Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Chromium: CVE-2021-4056: Type Confusion in loader

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

KLA12373 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, inject malicious code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser from Google, Inc. A data validation error vulnerability exists in the loader component of Google Chrome prior to version 96.0.4664.93. It allows remote attackers to compromise cross-domain data via crafted HTML pages...

Microsoft Edge (Chromium) < 96.0.1052.29 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1052.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory. - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a...

Chromium: CVE-2021-38005 Use after free in loader

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Google Chrome post-release reuse vulnerability (CNVD-2022-12743)

Chrome is a simple and efficiently designed web browsing tool developed by Google. A post-release reuse vulnerability exists in the loader in versions of Google Chrome prior to 96.0.4664.45. An attacker could use this vulnerability to potentially exploit heap corruption via a crafted HTML page...

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 25 security fixes, including: 1263620 High CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos on 2021-10-26 1260649 High CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera @lbherrera on...

QAKBOT Loader Returns With New Techniques and Tools

QAKBOT operators resumed email spam operations towards the end of September after an almost three-month hiatus. QAKBOT detection has become a precursor to many critical and widespread ransomware attacks. Our report shares some insight into the new techniques and tools this threat is using...