ATTENTION‼ New - CVE-2019-17655
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and below may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0540
Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0539
Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0538
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0537
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0536
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0535
Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0534
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0533
Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0532
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0531
Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0529
Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0528
Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0527
Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0235
In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr". "crus_sp_hdr" is a static variable, of type "struct crus_sp_ioctl_header". Product: Android. Versions: Android kernel. Android ID: A-135129430
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0234
In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-148189280
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0232
Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abc_pcie_dma_user_xfer_clean. If this happens, abc_pcie_start_dma_xfer and abc_pcie_wait_dma_xfer in the original thread will trigger UAF when working with the transfer object. Product: Android. Versions: Android kernel. Android ID: A-151453714
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0223
This is an unbounded write into kernel global memory, via a user-controlled buffer size. Product: Android. Versions: Android kernel. Android ID: A-135130450
via "National Vulnerability Database".
LinkedIn “Job Offers” Targeted Aerospace, Military Firms With Malware
A recent malware campaign targeted victims at European and Middle East aerospace and military companies - via LinkedIn spear-phishing messages.
via "Threatpost".
eBay staff charged with cyberstalking, sending fetal pig and spiders
6 execs and employees have been charged with cyberharassing a couple who published an e-commerce newsletter sometimes critical of the company.
via "Naked Security".
More ad fraud apps found hiding on Google Play Store
Fraudulent Android app developers have been discovered trying to manipulate Google’s Play Store security by removing suspicious code before adding it back in to see what trips detection systems.
via "Naked Security".