βΌ CVE-2023-28237 βΌ
π Read
via "National Vulnerability Database".
Windows Kernel Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-28243 βΌ
π Read
via "National Vulnerability Database".
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-23375 βΌ
π Read
via "National Vulnerability Database".
Microsoft ODBC and OLE DB Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βΌ CVE-2023-28311 βΌ
π Read
via "National Vulnerability Database".
Microsoft Word Remote Code Execution Vulnerabilityπ Read
via "National Vulnerability Database".
βοΈ Microsoft (& Apple) Patch Tuesday, April 2023 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs.π Read
via "Krebs on Security".
Krebs on Security
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set ofβ¦
βΌ CVE-2023-22613 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.π Read
via "National Vulnerability Database".
β Attention gamers! Motherboard maker MSI admits to breach, issues βrogue firmwareβ alert β
π Read
via "Naked Security".
Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.π Read
via "Naked Security".
Naked Security
Attention gamers! Motherboard maker MSI admits to breach, issues βrogue firmwareβ alert
Stealing private keys is like getting hold of a medieval monarchβs personal signet ringβ¦ you get to put an official seal on treasonous material.
βΌ CVE-2022-48437 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30512 βΌ
π Read
via "National Vulnerability Database".
CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret.π Read
via "National Vulnerability Database".
π΄ CrowdStrike Expands Falcon to Include IoT π΄
π Read
via "Dark Reading".
CrowdStrike Falcon Insight for IoT covers Internet of Things, Industrial IoT, Operations Technology, as well as medical devices.π Read
via "Dark Reading".
Dark Reading
CrowdStrike Expands Falcon to Include IoT
CrowdStrike Falcon Insight for IoT covers the Internet of Things, industrial IoT, operational technology, as well as medical devices.
π’ OpenAI to pay up to $20k in rewards through new bug bounty program π’
π Read
via "ITPro".
The move follows a period of unrest over data security concernsπ Read
via "ITPro".
ITPro
OpenAI to pay up to $20k in rewards through new bug bounty program
The move follows a period of unrest over data security concerns
β Microsoft fixes a zero-day β and two curious bugs that take the Secure out of Secure Boot β
π Read
via "Naked Security".
Is Secure Boot without the Secure just "Boot"?π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2023-29580 βΌ
π Read
via "National Vulnerability Database".
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27826 βΌ
π Read
via "National Vulnerability Database".
SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem() function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47053 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1829 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation.Γ The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure.Γ A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22616 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24350 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Specially formatted buffer contents used for software SMI could cause SMRAM corruption, leading to escalation of privilege.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29574 βΌ
π Read
via "National Vulnerability Database".
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27216 βΌ
π Read
via "National Vulnerability Database".
An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page.π Read
via "National Vulnerability Database".