Tutorials - Page 2 of 18 - Sick Codes - Security Research, Hardware & Software Hacking, Consulting, Linux, IoT, Cloud, Embedded, Arch, Tweaks & Tips!

CVE-2022-36123 – A vulnerability in Linux kernel mainline v5.18-rc1 through v5.19-rc6 does not clear statically allocated variables in the block starting symbol (.bss) due to a failed early_xen_iret_patch leading to an asm_exc_page_fault, or arbitrary code execution

July 29, 2022

Title A vulnerability in Linux kernel mainline v5.18-rc1 through v5.19-rc6 does not clear statically allocated variables in the block starting ...

CVE-2022-35414 – QEMU 4.1.50 through QEMU 7.0.0 – address_space_translate_for_iotlb allows a guest user to crash a host resulting in a denial of service.

by Sick Codes

July 11, 2022

1

Title CVE-2022-35414 - QEMU 4.1.50 through QEMU 7.0.0 - address_space_translate_for_iotlb allows a guest user to crash a host resulting in ...

Sick Codes DEFCON 30 Hacking The Farm Breaking Badly Into Agricultural Devices

Sick Codes @ DEF CON 30 August 11-14 2022!

by Sick Codes

June 30, 2022

1

Pleased to announce we will be speaking at this year's DEF CON 30 conference in Las Vegas, which will be ...

Sick Codes Hardwear.io Talk 9-10th June 2022

Sick Codes Speaking LIVE in-person @ Hardwear.io USA 9-10th June 2022: Supply Chain Level 0: Grinding Tractors to a Halt – Growing Pains in Agricultural Hardware Security

by Sick Codes

May 16, 2022

0

I have been fortunate enough to be giving a talk on Supply Chain security this year at Hardwear.io USA 2022, ...

CVE-2021-33318 IpMatcher v1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2. incorrectly validates octal & hexadecimal input data, leading to indeterminate SSRF, LFI, RFI, and DoS vectors.

by Sick Codes

May 15, 2022

0

Title CVE-2021-33318 IpMatcher v1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2. incorrectly validates octal & hexadecimal input ...

CVE-2022-28345 – Signal client for iOS version 5.33.2 and below are vulnerable to RTLO Injection URI Spoofing using malicious URLs such as gepj.net/selif#/moc.elpmaxe which would appear as example.com/#files/ten.jpeg

by Sick Codes

April 14, 2022

13

Title CVE-2022-28345 - Signal client for iOS version 5.33.2 and below are vulnerable to RTLO Injection URI Spoofing using malicious ...

Exploit: RTLO Injection URI Spoofing: WhatsApp, iMessage (Messages app), Instagram, Facebook Messenger. CVE-2020-20093, CVE-2020-20094, CVE-2020-20095, CVE-2020-20096

by Sick Codes

March 24, 2022

8

# Exploit Title: RTLO Injection URI Spoofing: WhatsApp, iMessage (Messages app), Instagram, Facebook Messenger. CVE-2020-20093, CVE-2020-20094, CVE-2020-20095, CVE-2020-20096 # Date: ...

QNX QOpenCD Packages

by Sick Codes

February 10, 2022

0

The packages on http://embedded.org.ua/status.html have gone stale, are here you'll find QNX binaries, and locations for latest versions for QNX ...

How to create a macOS recovery USB installer without macOS (on Linux/Windows)

by Sick Codes

January 29, 2022

3

If you need a macOS USB installer, but you cannot boot into macOS, you can still create one on Windows ...

Fix DIVD-2022-00002 - Grafana Upgrade Mitigation

Fix DIVD-2022-00002: Grafana versions 8.0.0-beta1 through 8.3.0 installed via dpkg/deb package. Mitigation:

by Sick Codes

January 21, 2022

0

In response to the amazing work by @j0v0x0 "Jordy Versmissen" from Detectify, the double-amazing Dutch Institute for Vulnerability Disclosure, known ...

CVE-2022-36123 – A vulnerability in Linux kernel mainline v5.18-rc1 through v5.19-rc6 does not clear statically allocated variables in the block starting symbol (.bss) due to a failed early_xen_iret_patch leading to an asm_exc_page_fault, or arbitrary code execution

CVE-2022-35414 – QEMU 4.1.50 through QEMU 7.0.0 – address_space_translate_for_iotlb allows a guest user to crash a host resulting in a denial of service.

Sick Codes @ DEF CON 30 August 11-14 2022!

Sick Codes Speaking LIVE in-person @ Hardwear.io USA 9-10th June 2022: Supply Chain Level 0: Grinding Tractors to a Halt – Growing Pains in Agricultural Hardware Security

CVE-2021-33318 IpMatcher v1.0.4.1 and below for .NET Core 2.0 and .NET Framework 4.5.2. incorrectly validates octal & hexadecimal input data, leading to indeterminate SSRF, LFI, RFI, and DoS vectors.

CVE-2022-28345 – Signal client for iOS version 5.33.2 and below are vulnerable to RTLO Injection URI Spoofing using malicious URLs such as gepj.net/selif#/moc.elpmaxe which would appear as example.com/#files/ten.jpeg

Exploit: RTLO Injection URI Spoofing: WhatsApp, iMessage (Messages app), Instagram, Facebook Messenger. CVE-2020-20093, CVE-2020-20094, CVE-2020-20095, CVE-2020-20096

QNX QOpenCD Packages

How to create a macOS recovery USB installer without macOS (on Linux/Windows)

Fix DIVD-2022-00002: Grafana versions 8.0.0-beta1 through 8.3.0 installed via dpkg/deb package. Mitigation:

@sickcodes

@sickcodes

@sickcodes

Discord Server

sickcodes.slack.com

t.me/sickcodeschat

./contact_form