1576 matches found
CVE-2023-20525
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service...
CVE-2023-20527
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service...
CVE-2023-20525
The CVE-2023-20525 issue affects the AMD Secure Processor (ASP) Bootloader: it is caused by insufficient syscall input validation that can allow a privileged attacker to read memory outside mapped register bounds, potentially causing a denial of service. Public details identify the affected compo...
TerraLdr - A Payload Loader Designed With Advanced Evasion Features
TerraLdr: A Payload Loader Designed With Advanced Evasion Features Details: no crt functions imported syscall unhooking using KnownDllUnhook api hashing using Rotr32 hashing algo payload encryption using rc4 - payload is saved in .rsrc process injection - targetting 'SettingSyncHost.exe' ppid...
macOS/x64 Execve Null-Free Shellcode (253 bytes)
Shellcode Title: macOS/x64 - Execve Null-Free Shellcode 253 Bytes Shellcode Author: Bobby Cooke boku @0xBoku github.com/boku7 Date: 12/20/2022 Tested on: macOS Monterey; 21.6.0 Darwin Kernel Version; x8664 Shellcode Description: macOS 64 bit shellcode. Uses execve syscall to spawn bash. The strin...
macOS/x64 Execve Caesar Cipher String Null-Free Shellcode (286 bytes)
Shellcode Title: macOS/x64 - Execve Caesar Cipher String Null-Free Shellcode 286 Bytes Shellcode Author: Bobby Cooke boku @0xBoku github.com/boku7 Tested on: macOS Monterey; 21.6.0 Darwin Kernel Version; x8664 Shellcode Description: macOS 64 bit shellcode. Uses execve syscall to spawn bash. The...
SUSE: Security Advisory (SUSE-SU-2022:3888-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-41716 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
CVE-2022-41716 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
FreeBSD : go -- syscall, os/exec: unsanitized NUL in environment variables (26b1100a-5a27-11ed-abfe-29ac76ec31b5)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 26b1100a-5a27-11ed-abfe-29ac76ec31b5 advisory. - Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on...
GO-2022-1095 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
Important: golang-github-kr-pty
Issue Overview: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed from this advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating "chunked" encoding. This issue could allow request smuggling,...
go -- syscall, os/exec: unsanitized NUL in environment variables
The Go project reports: syscall, os/exec: unsanitized NUL in environment variables On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for invalid environment variable values. A malicious environment variable value could exploit this behavior to set a value for a different...
SUSE-SU-2022:3458-1 Security update for vsftpd
This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack PM-3322, jscSLE-23895, bsc1187686, bsc1187678. - Added hardening to systemd services bsc1181400. Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled bsc1052900. -...
SUSE-SU-2022:3457-1 Security update for vsftpd
This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack PM-3322, jscSLE-23896, bsc1187686, bsc1187678. - Added hardening to systemd services bsc1181400. Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled bsc1052900. -...
SUSE: Security Advisory (SUSE-SU-2022:3383-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:3383-1 Security update for vsftpd
This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack PM-3322, bsc1187686, bsc1187678. Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled bsc1052900. - Allowed wait4 to be called so that the broker can wait for its...
Unbreakable Enterprise kernel security update
5.4.17-2136.311.6 - Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' Sherry Yang Orabug: 34535896 5.4.17-2136.311.5 - netfilter: nftables: do not allow RULEID to refer to another chain Thadeu Lima de Souza Cascardo Orabug: 34495567 CVE-2022-2586 - netfilter: nftable...
SUSE-SU-2022:3320-1 Security update for vsftpd
This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack bsc1187678, bsc1187686, PM-3322. Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled bsc1052900. - Allowed wait4 to be called so that the broker can wait for its...
GSD-2022-1006267 arm64: Do not forget syscall when starting a new thread.
arm64: Do not forget syscall when starting a new thread. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.291 by commit...