🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-25415 ‼

Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Event Notification configuration.

📖 Read

via "National Vulnerability Database".

127 views22:29

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-24931 ‼

Windows Secure Channel Denial of Service Vulnerability

📖 Read

via "National Vulnerability Database".

127 views22:29

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-26551 ‼

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop.

📖 Read

via "National Vulnerability Database".

128 views22:29

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-22808 ‼

An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.

📖 Read

via "National Vulnerability Database".

137 views22:29

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-28808 ‼

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.

📖 Read

via "National Vulnerability Database".

141 views22:29

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-28226 ‼

Windows Enroll Engine Security Feature Bypass Vulnerability

📖 Read

via "National Vulnerability Database".

150 views22:29

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-28255 ‼

Windows DNS Server Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".

156 views22:29

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-28301 ‼

Microsoft Edge (Chromium-based) Tampering Vulnerability

📖 Read

via "National Vulnerability Database".

158 views22:29

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-28271 ‼

Windows Kernel Memory Information Disclosure Vulnerability

📖 Read

via "National Vulnerability Database".

162 views22:29

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-28299 ‼

Visual Studio Spoofing Vulnerability

📖 Read

via "National Vulnerability Database".

174 views22:29

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-28300 ‼

Azure Service Connector Security Feature Bypass Vulnerability

📖 Read

via "National Vulnerability Database".

180 views22:29

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-28237 ‼

Windows Kernel Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".

211 views22:30

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-28243 ‼

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".

257 views22:30

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-23375 ‼

Microsoft ODBC and OLE DB Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".

282 views22:30

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-28311 ‼

Microsoft Word Remote Code Execution Vulnerability

📖 Read

via "National Vulnerability Database".

303 views22:30

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-28228 ‼

Windows Spoofing Vulnerability

📖 Read

via "National Vulnerability Database".

362 views22:30

🛡 Cybersecurity & Privacy 🛡 - News

♟️ Microsoft (& Apple) Patch Tuesday, April 2023 Edition ♟️

Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs.

📖 Read

via "Krebs on Security".

Krebs on Security

Microsoft (& Apple) Patch Tuesday, April 2023 Edition

Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of…

480 views00:20

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-22613 ‼

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.

📖 Read

via "National Vulnerability Database".

525 views00:37

🛡 Cybersecurity & Privacy 🛡 - News

⚠ Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert ⚠

Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.

📖 Read

via "Naked Security".

Naked Security

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

Stealing private keys is like getting hold of a medieval monarch’s personal signet ring… you get to put an official seal on treasonous material.

539 views08:50

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-48437 ‼

An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.

📖 Read

via "National Vulnerability Database".

492 views10:23

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2023-30512 ‼

CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret.

📖 Read

via "National Vulnerability Database".

472 views10:24

About

Blog

Apps

Platform