4452 matches found
REvil Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/7d7ee58c2696794b3be958b165eb61a9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: REvil Ransom Vulnerability: Code Execution Description: REvil looks for and executes DLLs in its...
Security Turbulence in the Cloud: Survey Says…
Over the past 15 years, the cloud has blown business into a new age of networking, for solid reasons: Small businesses can get online fast, using the same tools as the big companies; large companies can scale up and down to match demand; and organizations of all sizes can quickly react to busines...
PT-2022-6408 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the Linux kernel, specifically in the KVM SEV API, which allows a non-root user-level application to crash the host kernel by creating a confidential guest VM...
Oracle Database Server 输入验证错误漏洞
Oracle Database Server is a relational database management system from Oracle Corporation. Oracle Database Server is vulnerable to an input validation error in the Java VM in Oracle Database Server. An authenticated remote attacker could exploit this vulnerability to manipulate data...
PT-2022-7390
Name of the Vulnerable Software and Affected Versions Bitrix versions prior to 7.5.0 Description The issue is related to the unrestricted upload of dangerous file types in the "1C-Bitrix: Virtual Machine" VMBitrix virtual server. This can be exploited by a remote attacker to execute arbitrary cod...
The vulnerability of the Java VM component of the Oracle Database Server system allows a hacker to cause partial service disruption.
The vulnerability of the Java VM component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a partial service outage using network packets...
CVE-2022-24845 Integer bounds error in Vyper
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of .returnsint128 is not validated to fall within the bounds of int128. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0,...
CVE-2022-24788
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...
CVE-2022-24788 Buffer overflow in Vyper
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...
CVE-2022-24788 Buffer overflow in Vyper
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...
FreeBSD 缓冲区错误漏洞
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD suffers from a buffer error vulnerability that stems from a boundary error in the e1000 network adapter in the bhyve 8 virtual machine monitor program. A remote attacker could exploit this vulnerability to execut...
CVE-2021-38834
easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary system commands through special js code...
CVE-2022-24787
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
Design/Logic Flaw
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
CVE-2022-24787 Incorrect Comparison in Vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
CVE-2022-24787
CVE-2022-24787 (Vyper) affects the Vyper language (Pythonic smart contract language for the EVM) in version 0.3.1 and earlier. The issue is that bytestrings can contain dirty bytes, causing word-for-word comparisons to yield incorrect results. Even without dirty nonzero bytes, two bytestrings may...
CVE-2022-24787 Incorrect Comparison in Vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
PT-2022-2585 · Linux +8 · Linux Kernel +8
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to the fixed version Description: A flaw was found in the Kernel-based Virtual Machine KVM subsystem of the Linux kernel. The issue is related to the get user pages fast function and involves writing data outside t...
CVE-2022-22965
A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters and possibly gain...
Experts Detail Virtual Machine Used by Wslink Malware Loader for Obfuscation
Cybersecurity researchers have shed more light on a malicious loader that runs as a server and executes received modules in memory, laying bare the structure of an "advanced multi-layered virtual machine" used by the malware to fly under the radar. Wslink, as the malicious loader is called, was...