Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-22995: WDC-22005 Netatalk Security Vulnerabilities | Western Digital

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

CVE
Open in Source
#vulnerability#mac#apple#git#rce#perl#samba#buffer_overflow#auth#zero_day
CVE-2022-22995: WDC-22005 Netatalk Security Vulnerabilities | Western Digital

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

CVE-2022-0330: security - Linux kernel: Security sensitive bug in the i915 kernel driver​ (CVE-2022-0330)

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

CVE-2022-0435: security - CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module since 4.8 (net/tipc)

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

CVE-2022-27887: There are multiple reflective XSS vulnerabilities in the website · Issue #840 · magicblack/maccms10

Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter.

CVE-2021-26621: KISA 인터넷 보호나라&KrCERT

An Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function.

CVE-2021-3422: Team82: Splunk Enterprise Indexer, Forwarder Vulnerability Patched

The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. See https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Enableareceiver for more information on configuring an indexer to listen for UF traffic. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. As a partial mitigation and a security best practice, see https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcertificates and https://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/Controlforwarderaccess. Implementation of either or both reduces the severity to Medium.

CVE-2022-0330: security - Linux kernel: Security sensitive bug in the i915 kernel driver​ (CVE-2022-0330)

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

CVE-2022-25577: proof-of-concepts/Use_Of_Hardcoded_Password_In_ALF-BanCO_8.2.x at main · ph0nkybit/proof-of-concepts

ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data.

CVE-2018-25032: security - zlib memory corruption on deflate (i.e. compress)

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.