‼ CVE-2022-42323 ‼
via "National Vulnerability Database".
Xenstore: Cooperating guests can create arbitrary numbers of nodes [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota.
‼ CVE-2022-42324 ‼
via "National Vulnerability Database".
Oxenstored 32->31 bit integer truncation issues. Integers in OCaml are 63 or 31 bits of signed precision. The OCaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an OCaml integer. In 64-bit OCaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting a negative value, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop trying (and failing) to take the bad packet out of the xenstore ring.
‼ CVE-2022-42327 ‼
via "National Vulnerability Database".
x86: unintended memory sharing between guests. On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests.
‼ CVE-2022-42316 ‼
via "National Vulnerability Database".
Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored:
- by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory
- by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path
- by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible
- by accessing many nodes inside a transaction
‼ CVE-2022-42309 ‼
via "National Vulnerability Database".
Xenstore: Guests can crash xenstored. Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.
‼ CVE-2022-42318 ‼
via "National Vulnerability Database".
Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored:
- by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory
- by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path
- by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible
- by accessing many nodes inside a transaction
‼ CVE-2022-42325 ‼
via "National Vulnerability Database".
Xenstore: Guests can create arbitrary number of nodes via transactions [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.
‼ CVE-2022-42313 ‼
via "National Vulnerability Database".
Xenstore: guests can let run xenstored out of memory [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored:
- by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory
- by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path
- by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible
- by accessing many nodes inside a transaction
⚠ SHA-3 code execution bug patched in PHP – check your version! ⚠
via "Naked Security".
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!
🗞️ Bug Bounty Radar // The latest bug bounty programs for November 2022 🗞️
via "The Daily Swig".
New web targets for the discerning hacker
‼ CVE-2022-43082 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php of Fast Food Ordering System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the customer parameter.
‼ CVE-2022-43221 ‼
via "National Vulnerability Database".
open5gs v2.4.11 was discovered to contain a memory leak in the component src/upf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.
‼ CVE-2022-3790 ‼
via "National Vulnerability Database".
A vulnerability was found in Flipbook Plugin and classified as problematic. Affected by this issue is some unknown functionality of the file post.php of the component Edit Post Handler. The manipulation of the argument Shortcode leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212612.
‼ CVE-2022-43127 ‼
via "National Vulnerability Database".
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php.
‼ CVE-2022-43076 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter.
‼ CVE-2022-43223 ‼
via "National Vulnerability Database".
open5gs v2.4.11 was discovered to contain a memory leak in the component ngap-handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted UE attachment.
‼ CVE-2022-43086 ‼
via "National Vulnerability Database".
Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php.
‼ CVE-2022-43079 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Train Scheduler App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter.
‼ CVE-2022-43222 ‼
via "National Vulnerability Database".
open5gs v2.4.11 was discovered to contain a memory leak in the component src/smf/pfcp-path.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PFCP packet.
‼ CVE-2022-43084 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the v_name parameter.
‼ CVE-2022-3789 ‼
via "National Vulnerability Database".
A vulnerability has been found in Tim Campus Confession Wall and classified as critical. Affected by this vulnerability is an unknown functionality of the file share.php. The manipulation of the argument post_id leads to SQL injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212611.