Vulnerabilities tagged "vuln"

Exploitation of an OOB Write in Netfilter [CVE-2022-25636]

We have [previously](https://dayzerosec.com/vulns/2022/03/02/linux-kernel-heap-out-of-bounds-write-in-nfdupnetdevc-since-54.html) covered this bug; it's an out-of-bounds access caused by a broken assumption that every `dup` command has an associated immediate. When that assumption is broken by manually crafting netfilter rules, the `nft_fwd_dup_netdev_offload` function will perform an out-of-bounds access as it increments too far.
 

From XSS to RCE (dompdf 0day)

A chain of issues going from an XSS to a remote file download in a server-side PDF renderer, leading to remote code execution. The XSS initially seemed a bit weak, as the application had no secrets or even authentication, so attacking other users would not provide much gain...
 

cr8escape: New Vulnerability in CRI-O Container Engine [CVE-2022-0811]

A simple container escape compared to several we've covered in the past: the `sysctls` passed into the `pinns` utility are delimited by a `+`, which can be maliciously included in a value to inject otherwise blocked `sysctls`. There is some minimal validation on the `sysctls` being passed in to ensure the keys don't match any sensitive keys; however, an attacker can set a value to `+sensitive.key=othervalue` to smuggle in a blocked option.
 