Category Archives: Advisories

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:32 Second

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

woff-0.20091126-33.fc35

Read Time:12 Second

FEDORA-2022-d50ded078e

Packages in this update:

woff-0.20091126-33.fc35

Update description:

Fix a possible double free in woffEncode().

Update License to SPDX
improved summary and description
Add hand-written man pages
Install HTML format description as documentation

Read More

woff-0.20091126-34.fc36

Read Time:12 Second

FEDORA-2022-706c76c4f0

Packages in this update:

woff-0.20091126-34.fc36

Update description:

Fix a possible double free in woffEncode().

Update License to SPDX
improved summary and description
Add hand-written man pages
Install HTML format description as documentation

Read More

CVE-2021-31693

Read Time:20 Second

VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.

Read More

USN-5728-3: Linux kernel (GCP) vulnerabilities

Read Time:2 Minute, 43 Second

Jann Horn discovered that the Linux kernel did not properly track memory
allocations for anonymous VMA mappings in some situations, leading to
potential data structure reuse. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-42703)

It was discovered that a race condition existed in the memory address space
accounting implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-41222)

It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)

It was discovered that the KVM implementation in the Linux kernel did not
properly handle virtual CPUs without APICs in certain situations. A local
attacker could possibly use this to cause a denial of service (host system
crash). (CVE-2022-2153)

Hao Sun and Jiacheng Xu discovered that the NILFS file system
implementation in the Linux kernel contained a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-2978)

Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64
processors, the Linux kernel’s protections against speculative branch
target injection attacks were insufficient in some circumstances. A local
attacker could possibly use this to expose sensitive information.
(CVE-2022-29901)

Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in
the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly expose sensitive information (kernel
memory). (CVE-2022-3028)

It was discovered that the Netlink device interface implementation in the
Linux kernel did not properly handle certain error conditions, leading to a
use-after-free vulnerability with some network device drivers. A local
attacker with admin access to the network device could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-3625)

It was discovered that the IDT 77252 ATM PCI device driver in the Linux
kernel did not properly remove any pending timers during device exit,
resulting in a use-after-free vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-3635)

Jann Horn discovered a race condition existed in the Linux kernel when
unmapping VMAs in certain situations, resulting in possible use-after-free
vulnerabilities. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-39188)

Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX
storage controller driver in the Linux kernel did not properly handle
certain structures. A local attacker could potentially use this to expose
sensitive information (kernel memory). (CVE-2022-40768)

Sönke Huster discovered that a use-after-free vulnerability existed in the
WiFi driver stack in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-42719)

Read More

CyberDanube Security Research 20221124-0 | Authenticated Command Injection Hirschmann BAT-C2

Read Time:12 Second

Posted by Thomas Weber on Nov 29

CyberDanube Security Research 20221124-0
——————————————————————————-
               title| Authenticated Command Injection
             product| Hirschmann (Belden) BAT-C2
  vulnerable version| 8.8.1.0R8
       fixed version| 09.13.01.00R04
          CVE number| CVE-2022-40282
              impact| High
           …

Read More

Win32.Ransom.Conti / Crypto Logic Flaw

Read Time:20 Second

Posted by malvuln on Nov 29

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/99e55ce93392068c970384ab24a0e13d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln

Threat: Win32.Ransom.Conti
Vulnerability: Crypto Logic Flaw
Description: Conti ransomware FAILS to encrypt non PE files that have a
“.exe” in the filename. Creating specially crafted file names…

Read More