User can call liquidate() and steal all collateral due to arbitrary router call

Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...

UBUNTU-CVE-2021-44496

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution...

Microsoft Visual Studio Code Code Injection Vulnerability (CNVD-2022-29568)

A code injection vulnerability exists in Microsoft Visual Studio Code, an open source code editor from Microsoft Corporation. The vulnerability stems from a network system or product that does not properly filter special elements in code segments constructed from external input data. An attacker...

Lexmark input validation error vulnerability

Lexmark is a series of printers in the U.S. A security vulnerability exists in Lexmark, which stems from a network system or product that does not properly filter special elements in code segments constructed from external input data. An attacker could exploit the vulnerability to generate an...

GHSA-PMFR-63C2-JR5C Execution Control List (ECL) Is Insecure in Singularity

Impact The Singularity Execution Control List ECL allows system administrators to set up a policy that defines rules about what signatures must be or must not be present on a SIF container image for it to be permitted to run. In Singularity 3.x versions below 3.6.0, the following issues allow the...

Stack overflow

Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system...

Microsoft 3D Viewer remote code execution vulnerability

A code injection vulnerability exists in Microsoft 3D Viewer, a simplified and fast graphics editing application from Microsoft Corporation USA. The vulnerability stems from the process of constructing code segments from external input data that is not properly filtered by the network system or...

Check Point Response to CVE-2021-36299, CVE-2021-36300, CVE-2021-36301, CVE-2021-20235 - Dell iDRAC9 Vulnerabilities

Cause CVE-2021-36299 - An SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application. CVE-2021-36300 -...

Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint

Impact Due to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint cloud.sylabs.io rather than the configured remote endpoint. An attacker may be able...

Design/Logic Flaw

Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint...

CVE-2021-32635

Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint...

CVE-2021-32635

Removed by vendor...

CVE-2021-32635

Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint...

Linux/x86 Egghunter Shellcode (39 bytes)

39 bytes small Linux/x86 egghunter null-free shellcode. The egghunter dynamically searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. // Shellcode Title: Linux/x86 - EggHunter + Null-free 39...

Linux/x64_86 Egghunter Execve Shellcode (63 bytes)

63 bytes small Linux/x6486 dynamic egghunter shellcode that searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. The payload is an execve/bin/bash shellcode. // Shellcode Title: Linux/x64 -...

Buffer overflow

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a...

VMware vSphere, Workstation and Fusion updates enable Hypervisor-Assisted Guest Mitigations for Speculative Store Bypass issue.

vCenter Server, ESXi, Workstation, and Fusion update speculative execution control mechanism for Virtual Machines VMs. As a result, a patched Guest Operating System GOS can remediate the Speculative Store bypass issue CVE-2018-3639 using the Speculative-Store-Bypass-Disable SSBD control bit. This...

PT-2017-3771 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.20 Description: A use-after-free issue exists in the Linux kernel due to a race condition between fanout add from setsockopt and bind on an AF PACKET socket. This occurs because of an incomplete fix for a race...

Fortinet FortiGate Cookie Parser Buffer Overflow Vulnerability (FG-IR-16-023) - Version Check

Fortinet FortiGate firmware FOS released before Aug 2012 has a cookie parser buffer overflow vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Easy File Management Web Server 5.3 - Stack Buffer Overflow

No description provided by source. !/usr/bin/env python Exploit Title: Easy File Management Web Server 5.3 stack buffer overflow Date: 19 May 2014 Exploit Author: superkojiman - http://www.techorganic.com Vendor Homepage: http://www.efssoft.com Software Link:...