29 matches found
CVE-2022-3347
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain...
The Windows Registry Adventure #4: Hives and the registry layout
Posted by Mateusz Jurczyk, Google Project Zero To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit abbreviated as HKCR, HKLM, HKCU, HKU and HKCC, and each of them contains a nested tree structure that serv...
PT-2023-29855 · Sbt +1 · Sbt +1
Name of the Vulnerable Software and Affected Versions: sbt versions prior to 1.9.7 Description: The issue allows writing of arbitrary files given a specially crafted zip or JAR file, utilizing IO.unzip. This could potentially overwrite /root/.ssh/authorized keys. Within sbt's main code, IO.unzip ...
SUSE CVE-2011-3590
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive...
CVE-2022-3347 Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain...
PT-2022-21781 · Unknown · Go-Resolver
Name of the Vulnerable Software and Affected Versions: go-resolver affected versions not specified Description: The issue is related to incorrect DNSSEC validation. An attacker can cause the package to report successful validation for invalid, attacker-controlled records. Specifically, root DNSSE...
Hacking the Sony Playstation 5
I just dont think its possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest example: Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend,...
kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive...
kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file...