270 matches found
CVE-2022-42331
x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...
CVE-2022-42331
x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...
CVE-2022-42331
x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...
CVE-2022-42331
CVE-2022-42331 describes a Xen hypervisor SPECULATIVE execution vulnerability on the x86 32-bit SYSCALL path. Root cause: an oversight in the original Spectre/Meltdown work (XSA-254) leads to an entrypath performing its speculation-safety actions too late, leaving an unprotected RET instruction i...
CVE-2022-42331
x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...
NetChess 2.1 Buffer Overflow Exploit
Exploit Title: NetChess2.1 Buffer Overflow SEH Exploit Author: Ugur Eminli Vendor Homepage: https://sourceforge.net/projects/avmnetchess/ Software Link: https://sourceforge.net/projects/avmnetchess/ Version: 2.1 Tested on: WinXP SP2 Build 2600 !/usr/bin/perl my $file= "exploit.pgn"; my $junk=...
hw: cpu: AMD: Branch Type Confusion (non-retbleed)
A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure...
IBPB and Return Stack Buffer Interactions
Bulletin ID: AMD-SB-1040 Potential Impact: Information Disclosure Severity: Medium Summary AMD is aware of a potential vulnerability affecting AMD CPUs where the OS relies on IBPB to flush the return address predictor. This may allow for CVE-2017-5715 previously known as Spectre Variant 2 attacks...
hw: cpu: AMD: Branch Type Confusion (non-retbleed)
A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure...
GSD-2022-1004370 efi/x86: use naked RET on mixed mode call wrapper
efi/x86: use naked RET on mixed mode call wrapper This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.57 by commit...
GSD-2022-1004148 efi/x86: use naked RET on mixed mode call wrapper
efi/x86: use naked RET on mixed mode call wrapper This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.14 by commit...
The vulnerability of microprogramming software for Intel and AMD processors allows attackers to extract sensitive information from the kernel’s memory or launch attacks on host systems from virtual machines.
The vulnerability of microprogramming software for Intel and AMD processors lies in errors during the processing of the “ret” instruction, which retrieves an address for transitioning from the stack. Exploiting this vulnerability can allow attackers to extract protected information from the...
The vulnerability of microprogramming software for Intel and AMD processors allows attackers to extract sensitive information from the kernel’s memory or launch attacks on host systems from virtual machines.
The vulnerability of microprogramming software for Intel and AMD processors lies in errors during the processing of the “ret” instruction, which extracts an address to move from the stack. Exploiting this vulnerability can allow attackers to extract protected information from the kernel’s memory ...
CVE-2022-33704
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities...
Audio Conversion Wizard v2.01 - Buffer Overflow Exploit
Exploit Title: Audio Conversion Wizard v2.01 - Buffer Overflow Exploit Author: Hejap Zairy Software Link: https://www.litexmedia.com/acwizard.exe Tested Version: v2.01 Tested on: Windows 10 64bit 1.- Run python code : 0day-HejapZairy.py 2.- Open 0dayHejap.txt and copy All content to Clipboard 3.-...
Free MP3 CD Ripper 2.8 Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Free MP3 CD Ripper 2.6 %q This module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8. By constructing a specially crafted...
CloudMe 1.11.2 SEH Buffer Overflow Exploit
import socket import sys target = "127.0.0.1" Written by : lutzenfried Clement Cruchet Exploiting CloudMe 1.11.2 Publisher : CloudMe AB Windows x64 10.0.18362 Build 18362 Buffer Overflow using SEH overwritten technic POP POP RET Exploit for CVE-2018-6892 Technical information used for exploit...
openSUSE Security Update : nasm (openSUSE-2020-954)
This update for nasm fixes the following issues : nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. - Fix crash due to multiple errors or warnings during the code generation pass if a list file i...
Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation
Title: Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation Date: 2020-04-21 Author: Marco Ivaldi Vendor: www.oracle.com CVE: CVE-2020-2944 / raptorsdtcmconv.c - CDE sdtcmconvert LPE for Solaris/Intel Copyright c 2019-2020 Marco Ivaldi A buffer overflow in the SanityCheck...
Nsauditor 3.2.1.0 - Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite)) Exploit
Exploit Title: Nsauditor 3.2.1.0 - Buffer Overflow SEH+ASLR bypass 3 bytes overwrite Exploit Author: Cervoise Vendor Homepage: https://www.nsauditor.com/ Software Link: https://www.nsauditor.com/downloads/nsauditorsetup.exe Version: 3.2.1.0 and 3.0.28 Tested on: Windows 10.0.18363.778 x86 Pro EN...