1203 matches found
kernel: dm mirror log: round up region bitmap size to BITS_PER_LONG
In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITS_PER_LONG The code in dm-log rounds up bitset_size to 32 bits. It then uses find_next_zero_bit_le on the allocated region. find_next_zero_bit_le accesses the bitmap using unsigned long...
curl: CVE-2022-43552: HTTP Proxy deny use-after-free
Issues reported by Trail of Bits. This is either one or two issues. Summary: ./src/curl 0 -x0:80 telnet:/j-uj-u//0 -m 01 ./src/curl 0 -x0:80 smb:/j-uj-u//0 -m 01 Both command lines end up having libcurl access and use already freed heap-memory. For read and write. Steps To Reproduce: See above, r...
HCL Technologies HCL Verse cryptographic issue vulnerability
HCL Technologies HCL Verse is a mobile application for accessing emails and life plan management from HCL Technologies, USA. A security vulnerability exists in HCL Technologies HCL Verse prior to version 12.0.15, which stems from the application being signed using a key length less than or equal ...
PT-2022-26778 · Tsmuxer · Tsmuxer
Name of the Vulnerable Software and Affected Versions: tsMuxer version 2.6.16 Description: A heap overflow issue was discovered in the function BitStreamWriter::flushBits located at /tsMuxer/bitStream.h. Recommendations: For tsMuxer version 2.6.16, consider disabling the BitStreamWriter::flushBit...
curl: CVE-2022-42915: HTTP proxy double-free
This is a finding that Trail of Bits found in their ongoing curl security audit. Reported at a status meeting today. Summary: curl frees memory twice in some cleanup function related to HTTP proxies. It is as simple as curl -x http://localhost:80 dict://127.0.0.1 Using valgrind on the current git...
UBUNTU-CVE-2022-41428
Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux...
USN-5617-1: Xen vulnerabilities
It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use th...
GSD-2022-1005860 KVM: Don't set Accessed/Dirty bits for ZERO_PAGE
KVM: Don't set Accessed/Dirty bits for ZERO_PAGE This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.137 by commit...
GSD-2022-1005605 KVM: Don't set Accessed/Dirty bits for ZERO_PAGE
KVM: Don't set Accessed/Dirty bits for ZERO_PAGE This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...
PT-2022-34118 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.137 Description: The issue concerns the KVM and the handling of Accessed/Dirty bits for ZERO PAGE. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-33863 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.61 Description: The issue concerns the KVM and the handling of Accessed/Dirty bits for the ZERO PAGE. The actual impact and potential for attack have not been proven yet. Recommendations: For versions prio...
PT-2022-33517 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2 Description: The issue concerns the KVM in the Linux Kernel, where the Accessed/Dirty bits are not set for the ZERO PAGE. The actual impact and attack plausibility of this issue have not yet been proven...
PT-2022-37253 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java affected versions not specified Description: The issue is related to a security exception in Java, specifically in the java.nio package. The crash occurs in the reserveMemory function of java.nio.Bits, which is called by...
CVE-2021-4037
A vulnerability was found in the fs/inode.c:inode_init_owner function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belon...
Explained: Steganography
Steganography is the prime example of effectively hiding something in plain sight. The word steganography comes from the Greek words "stegos" meaning "cover" and "grafia" meaning "writing." Steganography, then, is defined as "covered writing." In essence, we use the name steganography for every...
CVE-2022-36153
tifig v0.2.2 was discovered to contain a segmentation violation via std::vector ::size const at /bits/stl_vector.h...
CVE-2022-35113
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via swf_DefineLosslessBitsTagToImage at /modules/swfbits.c...
UBUNTU-CVE-2022-35113
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via swf_DefineLosslessBitsTagToImage at /modules/swfbits.c...
SWFTools buffer error vulnerability
SWFTools is a set of utilities for working with Adobe Flash (SWF) files from the individual developer Matthias Kramm. A security vulnerability exists in SWFTools due to a heap buffer overflow in swf_DefineLosslessBitsTagToImage in the /modules/swfbits.c file...
CVE-2022-37401
Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the master key was poorly encoded, resulting in weakening its entropy from...