#perl

Ubuntu Security Notice 5963-1 - It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that Vim was not properly performing memory management operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10.

By Waqas One of the Breach Forums administrators who goes by the alias Baphomet has decided to shut down the forum permanently. This is a post from HackRead.com Read the original post: Breach Forums to Remain Offline Permanently

x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aformentioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed agai...

x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334).

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Siemens ProductCERT  Equipment: RADIUS client of SIPROTEC 5 devices  Vulnerability: Loop with Unreachable Exit Condition ('Infinite Loop')  2. RISK EVALUATION The RADIUS client implementation of the VxWorks platform in SIPROTEC 5 devices contains a denial-of-service vulnerability that could be triggered when a specially crafted packet is sent by a RADIUS server.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SIPROTEC 5 6MD85 (CP300) - >= V7.80 = V7.80 = V7.80  SIPROTEC 5 6MU85 (CP300) - >= V7.90 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 =...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely  Vendor: Siemens  Equipment: Various third-party components used in SCALANCE W-700 devices  Vulnerabilities: Generation of Error Message Containing Sensitive Information, Out-of-bounds Write, NULL Pointer Dereference, Out-of-bounds Read, Improper Input Validation, Release of Invalid Pointer or Reference, Use After Free, Prototype Pollution  2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or disclose sensitive data.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SCALANCE WAM763-1 (6GK57...

Poorly managed Linux SSH servers are being targeted as part of a new campaign that deploys different variants of malware called ShellBot. "ShellBot, also known as PerlBot, is a DDoS Bot malware developed in Perl and characteristically uses IRC protocol to communicate with the C&C server," AhnLab Security Emergency response Center (ASEC) said in a report. ShellBot is installed on servers that

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

# SSRF vulnerability ## Summary When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts. ## Operating system, version and so on Linux, Debian (Buster) LTS core 5.10 / Parrot OS 5.1 (Electro Ara), python 3.9 ## Tested CairoSVG version 2.6.0 ## Details A specially crafted SVG file that loads an external resource from a URL. Remote attackers could exploit this vulnerability to cause a scan of an organization's internal resources or a DDOS attack on external resources. It looks like this bug can affect websites and cause request forgery on the server. ## PoC 1. Generating malicious svg file: 1.1 CairoSVG_exploit.svg: ```svg <?xml version="1.0" standalone="yes"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1"> <image height="200" width="200" xlink:href...

An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.