Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Category Archives: Advisories
sfnt2woff-zopfli-1.3.1-3.fc37
FEDORA-2022-8d29386f00
Packages in this update:
sfnt2woff-zopfli-1.3.1-3.fc37
Update description:
Fix a possible double free in woffEncode()
woff-0.20091126-33.fc35
FEDORA-2022-d50ded078e
Packages in this update:
woff-0.20091126-33.fc35
Update description:
Fix a possible double free in woffEncode().
Update License to SPDX
improved summary and description
Add hand-written man pages
Install HTML format description as documentation
woff-0.20091126-34.fc36
FEDORA-2022-706c76c4f0
Packages in this update:
woff-0.20091126-34.fc36
Update description:
Fix a possible double free in woffEncode().
Update License to SPDX
improved summary and description
Add hand-written man pages
Install HTML format description as documentation
CVE-2021-31693
VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.
USN-5749-1: libsamplerate vulnerability
Erik de Castro Lopo and Agostino Sarubbo discovered that libsamplerate
did not properly perform bounds checking. If a user were tricked into
processing a specially crafted audio file, an attacker could possibly
use this issue to cause a crash.
USN-5728-3: Linux kernel (GCP) vulnerabilities
Jann Horn discovered that the Linux kernel did not properly track memory
allocations for anonymous VMA mappings in some situations, leading to
potential data structure reuse. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-42703)
It was discovered that a race condition existed in the memory address space
accounting implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-41222)
It was discovered that a race condition existed in the instruction emulator
of the Linux kernel on Arm 64-bit systems. A local attacker could use this
to cause a denial of service (system crash). (CVE-2022-20422)
It was discovered that the KVM implementation in the Linux kernel did not
properly handle virtual CPUs without APICs in certain situations. A local
attacker could possibly use this to cause a denial of service (host system
crash). (CVE-2022-2153)
Hao Sun and Jiacheng Xu discovered that the NILFS file system
implementation in the Linux kernel contained a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-2978)
Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64
processors, the Linux kernel’s protections against speculative branch
target injection attacks were insufficient in some circumstances. A local
attacker could possibly use this to expose sensitive information.
(CVE-2022-29901)
Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in
the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly expose sensitive information (kernel
memory). (CVE-2022-3028)
It was discovered that the Netlink device interface implementation in the
Linux kernel did not properly handle certain error conditions, leading to a
use-after-free vulnerability with some network device drivers. A local
attacker with admin access to the network device could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-3625)
It was discovered that the IDT 77252 ATM PCI device driver in the Linux
kernel did not properly remove any pending timers during device exit,
resulting in a use-after-free vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-3635)
Jann Horn discovered a race condition existed in the Linux kernel when
unmapping VMAs in certain situations, resulting in possible use-after-free
vulnerabilities. A local attacker could possibly use this to cause a denial
of service (system crash) or execute arbitrary code. (CVE-2022-39188)
Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX
storage controller driver in the Linux kernel did not properly handle
certain structures. A local attacker could potentially use this to expose
sensitive information (kernel memory). (CVE-2022-40768)
Sönke Huster discovered that a use-after-free vulnerability existed in the
WiFi driver stack in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-42719)
CyberDanube Security Research 20221124-0 | Authenticated Command Injection Hirschmann BAT-C2
Posted by Thomas Weber on Nov 29
CyberDanube Security Research 20221124-0
——————————————————————————-
title| Authenticated Command Injection
product| Hirschmann (Belden) BAT-C2
vulnerable version| 8.8.1.0R8
fixed version| 09.13.01.00R04
CVE number| CVE-2022-40282
impact| High
…
Exploiting an N-day vBulletin PHP Object Injection Vulnerability
Posted by Egidio Romano on Nov 29
Hello list,
Just wanted to share with you my latest blog post:
http://karmainsecurity.com/exploiting-an-nday-vbulletin-php-object-injection
Best regards,
/EgiX
Win32.Ransom.Conti / Crypto Logic Flaw
Posted by malvuln on Nov 29
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/99e55ce93392068c970384ab24a0e13d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln
Threat: Win32.Ransom.Conti
Vulnerability: Crypto Logic Flaw
Description: Conti ransomware FAILS to encrypt non PE files that have a
“.exe” in the filename. Creating specially crafted file names…