3656 matches found
VulnCheck KEV: CVE-2019-9810
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox 66.0.1, Firefox ESR 60.6.1, and Thunderbird 60.6.1...
sudo -- Potential out-of-bounds write for small passwords
CVE.org reports: Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to sudo by entering a password of seven...
CVE-2022-43995
Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...
Heap overflow
Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...
CVE-2022-43995
Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...
UBUNTU-CVE-2022-32923
A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app...
USN-5710-1: OpenSSL vulnerabilities
It was discovered that OpenSSL incorrectly handled certain X.509 Email Addresses. If a certificate authority were tricked into signing a specially-crafted certificate, a remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. The default compiler...
Exploit for Out-of-bounds Write in Openssl
CVE−2022-3602 What is this? This document and repository...
[SECURITY] Fedora 36 Update: pypy3.7-7.3.9-4.3.7.fc36
PyPy's implementation of Python 3.7, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types strings, dictionaries, etc.. This build of PyPy has JIT-compilation enabled...
SUSE-SU-2022:3781-1 Security update for container-suseconnect
This update of container-suseconnect is a rebuilt of the previous sources against the current security updated go compiler...
Malicious code in maven-compiler-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 314e6207e1eff2d0ffa8de2edb81458a38f4cb93c6326291fe91105e46f67adf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fedora: Security Advisory for pypy3.9 (FEDORA-2022-61d8e8d880)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for pypy3.8 (FEDORA-2022-15f1aa7dc7)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for pypy3.9 (FEDORA-2022-4ac2e16969)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
FUD-UUID-Shellcode - Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness
Introduction Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness :. How it works Shellcode generation Firstly, generate a payload in binary format using either CobaltStrike or msfvenom for instance, in...
Microsoft Windows CryptoAPI 安全漏洞
Microsoft Windows CryptoAPI is a cryptographic compiler added to the Windows operating system by Microsoft Corporation. As an important foundation for data encryption and decryption functions, CryptoAPI supports synchronous and asynchronous key encryption processing, as well as the management of...
[SECURITY] Fedora 36 Update: scala-2.13.9-1.fc36
Scala is a general purpose programming language designed to express common programming patterns in a concise, elegant, and type-safe way. It smoothly integrates features of object-oriented and functional languages. It is also fully interoperable with Java. This package contains the Scala compiler...
GSD-2022-1006407 tee: fix compiler warning in tee_shm_register()
tee: fix compiler warning in teeshmregister This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.143 by commit...
PT-2022-34638 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.15.62 through v5.15.67 Description: The issue is related to a compiler warning in the tee shm register function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-34602 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.19.3 through v5.19.9 Description: The issue is related to a compiler warning in the tee shm register function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...