βΌ CVE-2023-22613 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.π Read
via "National Vulnerability Database".
β Attention gamers! Motherboard maker MSI admits to breach, issues βrogue firmwareβ alert β
π Read
via "Naked Security".
Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.π Read
via "Naked Security".
Naked Security
Attention gamers! Motherboard maker MSI admits to breach, issues βrogue firmwareβ alert
Stealing private keys is like getting hold of a medieval monarchβs personal signet ringβ¦ you get to put an official seal on treasonous material.
βΌ CVE-2022-48437 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30512 βΌ
π Read
via "National Vulnerability Database".
CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret.π Read
via "National Vulnerability Database".
π΄ CrowdStrike Expands Falcon to Include IoT π΄
π Read
via "Dark Reading".
CrowdStrike Falcon Insight for IoT covers Internet of Things, Industrial IoT, Operations Technology, as well as medical devices.π Read
via "Dark Reading".
Dark Reading
CrowdStrike Expands Falcon to Include IoT
CrowdStrike Falcon Insight for IoT covers the Internet of Things, industrial IoT, operational technology, as well as medical devices.
π’ OpenAI to pay up to $20k in rewards through new bug bounty program π’
π Read
via "ITPro".
The move follows a period of unrest over data security concernsπ Read
via "ITPro".
ITPro
OpenAI to pay up to $20k in rewards through new bug bounty program
The move follows a period of unrest over data security concerns
β Microsoft fixes a zero-day β and two curious bugs that take the Secure out of Secure Boot β
π Read
via "Naked Security".
Is Secure Boot without the Secure just "Boot"?π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2023-29580 βΌ
π Read
via "National Vulnerability Database".
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27826 βΌ
π Read
via "National Vulnerability Database".
SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem() function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47053 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1829 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation.Γ The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure.Γ A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22616 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24350 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Specially formatted buffer contents used for software SMI could cause SMRAM corruption, leading to escalation of privilege.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29574 βΌ
π Read
via "National Vulnerability Database".
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27216 βΌ
π Read
via "National Vulnerability Database".
An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27703 βΌ
π Read
via "National Vulnerability Database".
The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug interface.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0006 βΌ
π Read
via "National Vulnerability Database".
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1872 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered. We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26852 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0005 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0004 βΌ
π Read
via "National Vulnerability Database".
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software.π Read
via "National Vulnerability Database".