3095 matches found
CVE-2022-36363
CVE-2022-36363 affects Siemens LOGO! devices (LOGO! 12/24RCE, 230RCE, 24CE and SIPLUS variants). The issue is improper validation of an offset value in TCP packets when calling a method, which could allow an attacker to retrieve parts of memory content. Public sources note the vulnerability is ex...
EulerOS Virtualization 3.0.6.6 : vim (EulerOS-SA-2022-2541)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - vim is vulnerable to Heap-based Buffer Overflow CVE-2021-3927, CVE-2021-3984, CVE-2021-4019, CVE-2022-0213 - vim is vulnerable to Us...
PT-2022-34779 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.12 Description: The issue concerns a fix for the TX channel offset when using legacy interrupts in the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: For...
PT-2022-34845 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.10.122 through 5.10.145 Description: The issue concerns a fix for the TX channel offset when using legacy interrupts in the Linux Kernel. The actual impact and attack plausibility have not yet been proven...
kernel security, bug fix, and enhancement update
5.14.0-70.26.1.0.10.OL9 - lockdown: also lock down previous kgdb use Daniel Thompson Orabug: 34290418 CVE-2022-21499 5.14.0-70.26.10.OL9 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted...
USN-5622-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Moshe Ko...
PT-2024-8454 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a NULL pointer dereference in the Linux kernel's sfc component when using legacy interrupts. In legacy interrupt mode, the tx channel offset was hardcoded to 1,...
Ubuntu 20.04 LTS : Vim regression (USN-5613-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5613-2 advisory. USN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed to include binary packages for some architectures. This update fixes that...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-5613-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5613-1 advisory. It was discovered that Vim was not properly performing bounds checks when executing spell suggestion commands. An attacker could...
GHSA-X2XX-JW5M-5J86 LIEF contains segmentation violation
LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset at /MachO/SegmentCommand.cpp. Commit 7acf0bc4224081d4f425fcc8b2e361b95291d878 contains a patch...
CVE-2022-38307
LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset at /MachO/SegmentCommand.cpp...
PYSEC-2022-275
LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset at /MachO/SegmentCommand.cpp...
CVE-2021-0942
The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression: sPA.uiAddr = pagetophyspsOSPageArrayData-pagearrayui32PageIndex; With the current PoC this crashes as an OOB read. However, given that the O...
LIEF code issue vulnerability
LIEF is a cross-platform library from the individual developer Romain Thomas. It is used to parse, modify and abstract ELF, PE and MachO formats. LIEF suffers from a code issue vulnerability that stems from a segmentation violation found in the LIEF::MachO::SegmentCommand::file_offset function in...
PT-2022-24357 · Lief · Lief
Name of the Vulnerable Software and Affected Versions: LIEF version 5d1d643 Description: A segmentation violation was discovered in LIEF via the function LIEF::MachO::SegmentCommand::file_offset at /MachO/SegmentCommand.cpp. Recommendations: For LIEF version 5d1d643, update to a version that...
Windows shellcode stage, Reverse Ordinal TCP Stager (No NX or Win7)
Custom shellcode stage. Connect back to the attacker Module Options msf use payload/windows/custom/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options ...show and set options... msf payloadreverseordtcp run Th...
Windows shellcode stage, Reverse TCP Stager (No NX or Win7)
Custom shellcode stage. Connect back to the attacker No NX Module Options msf use payload/windows/custom/reversenonxtcp msf payloadreversenonxtcp show actions ...actions... msf payloadreversenonxtcp set ACTION msf payloadreversenonxtcp show options ...show and set options... msf...
Amazon Linux 2022 : vim-common, vim-data, vim-default-editor (ALAS2022-2022-077)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-077 advisory. A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and leads to an out-of-bounds read. This flaw allows an attacker to input a specially craft...
ASB-A-238904312
The path in this case is a little bit convoluted. The end result is that via an ioctl an untrusted app can control the ui32PageIndex offset in the expression: sPA.uiAddr = pagetophyspsOSPageArrayData-pagearrayui32PageIndex; With the current PoC this crashes as an OOB read. However, given that the...
SUSE SLES12 Security Update : open-iscsi (SUSE-SU-2022:2861-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2861-1 advisory. - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configur...