🕴 Adobe Releases PDF Protected Mode for Document Cloud 🕴
📖 Read
via "Dark Reading: ".
The preview, open to Windows users, opens PDF files in a sandbox to protect users who open malicious Acrobat documents.📖 Read
via "Dark Reading: ".
Dark Reading
Adobe Releases PDF Protected Mode for Document Cloud
The preview, open to Windows users, opens PDF files in a sandbox to protect users who open malicious Acrobat documents.
🕴 CIA's 'Lax' Security Led to 2017 Compromise of Its Hacking Tools 🕴
📖 Read
via "Dark Reading: ".
Internal CIA report released today shows poor security controls surrounding the intelligence agency's hacking tools.📖 Read
via "Dark Reading: ".
Dark Reading
CIA's 'Lax' Security Led to 2017 Compromise of Its Hacking Tools
Internal CIA report released today shows poor security controls surrounding the intelligence agency's hacking tools.
🕴 'Ripple20' Bugs Plague Enterprise, Industrial & Medical IoT Devices 🕴
📖 Read
via "Dark Reading: ".
Researchers discover 19 vulnerabilities in a TCP/IP software library manufacturers have used in connected devices for 20 years.📖 Read
via "Dark Reading: ".
Dark Reading
'Ripple20' Bugs Plague Enterprise, Industrial & Medical IoT Devices
Researchers discover 19 vulnerabilities in a TCP/IP software library manufacturers have used in connected devices for 20 years.
🕴 Hosting Provider Hit With Largest-Ever DDoS Attack 🕴
📖 Read
via "Dark Reading: ".
Likely looking to make a statement, attackers targeted specific websites hosted by a single provider with a 1.44 terabit-per-second distributed denial-of-service attack, according to Akamai.📖 Read
via "Dark Reading: ".
Dark Reading
Hosting Provider Hit With Largest-Ever DDoS Attack
Likely looking to make a statement, attackers targeted specific websites hosted by a single provider with a 1.44 terabit-per-second distributed denial-of-service attack, according to Akamai.
ATENTION‼ New - CVE-2019-17655
📖 Read
via "National Vulnerability Database".
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and below may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0540
📖 Read
via "National Vulnerability Database".
Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0539
📖 Read
via "National Vulnerability Database".
Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0538
📖 Read
via "National Vulnerability Database".
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0537
📖 Read
via "National Vulnerability Database".
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0536
📖 Read
via "National Vulnerability Database".
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0535
📖 Read
via "National Vulnerability Database".
Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0534
📖 Read
via "National Vulnerability Database".
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0533
📖 Read
via "National Vulnerability Database".
Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0532
📖 Read
via "National Vulnerability Database".
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0531
📖 Read
via "National Vulnerability Database".
Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0529
📖 Read
via "National Vulnerability Database".
Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0528
📖 Read
via "National Vulnerability Database".
Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0527
📖 Read
via "National Vulnerability Database".
Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0235
📖 Read
via "National Vulnerability Database".
In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr". "crus_sp_hdr" is a static variable, of type "struct crus_sp_ioctl_header".Product: AndroidVersions: Android kernelAndroid ID: A-135129430📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0234
📖 Read
via "National Vulnerability Database".
In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148189280📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0232
📖 Read
via "National Vulnerability Database".
Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abc_pcie_dma_user_xfer_clean. If this happens, abc_pcie_start_dma_xfer and abc_pcie_wait_dma_xfer in the original thread will trigger UAF when working with the transfer object.Product: AndroidVersions: Android kernelAndroid ID: A-151453714📖 Read
via "National Vulnerability Database".