Failure in the SEV-ES FW to verify that the SEV-ES TMR is not in MMIO space could result in a potential loss of integrity or availability.
Category Archives: Advisories
CVE-2021-26324
A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs.
Multiple Vulnerabilities in Google Chrome and Chrome OS Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome and Chrome OS, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Chrome OS is a proprietary Linux-based operating system designed by Google. It is derived from the open-source Chromium OS and uses the Google Chrome web browser as its principal user interface. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the application.
APT28 FancyBear / Code Execution
Posted by malvuln on May 10
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/d6751b148461e0f863548be84020b879.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: APT28 FancyBear
Vulnerability: Code Execution
Description: FancyBear looks for and executes DLLs in its current
directory. Therefore, we can potentially hijack a vuln DLL, execute our own
code, control and terminate the malware. The…
Defense in depth — the Microsoft way (part 80): 25 (in words: TWENTY-FIVE) year old TRIVIAL bug crashes CMD.exe
Posted by Stefan Kanthak on May 10
Hi @ll,
the subject says it all: a 25 year old TRIVIAL signed integer
arithmetic bug (which may well have earned a PhD now) crashes
Windows’ command interpreter CMD.exe via its builtin SET command.
See their documentation:
<https://technet.microsoft.com/en-us/library/cc771320.aspx>
<https://technet.microsoft.com/en-us/library/cc754250.aspx>
Classification
~~~~~~~~~~~~~~
USN-5409-1: libsndfile vulnerability
It was discovered that libsndfile was incorrectly performing memory
management operations and incorrectly using buffers when executing
its FLAC codec. If a user or automated system were tricked into
processing a specially crafted sound file, an attacker could
possibly use this issue to cause a denial of service or obtain
sensitive information.
USN-5408-1: Dnsmasq vulnerability
Petr Menšík and Richard Johnson discovered that Dnsmasq incorrectly handled
certain inputs. An attacker could possibly use this issue to execute
arbitrary code or expose sensitive information.
pidgin-2.14.1-4.fc34
FEDORA-2022-52777fea3c
Packages in this update:
pidgin-2.14.1-4.fc34
Update description:
Security fix for CVE-2022-26491.
pidgin-2.14.6-3.fc35
FEDORA-2022-4759ca6476
Packages in this update:
pidgin-2.14.6-3.fc35
Update description:
Security fix for CVE-2022-26491.
pidgin-2.14.8-3.fc36
FEDORA-2022-4490dce823
Packages in this update:
pidgin-2.14.8-3.fc36
Update description:
Security fix for CVE-2022-26491.