🕴 The Industrywide Consequences of Making Security Products Inaccessible 🕴
via "Dark Reading".
Accessibility won't solve all of the industry's problems, but it can help tackle a few.
‼ CVE-2023-27382 ‼
via "National Vulnerability Database".
Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2023-27563 ‼
via "National Vulnerability Database".
The n8n package 0.218.0 for Node.js allows Escalation of Privileges.
‼ CVE-2022-34147 ‼
via "National Vulnerability Database".
Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access.
‼ CVE-2022-41693 ‼
via "National Vulnerability Database".
Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-41687 ‼
via "National Vulnerability Database".
Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-41979 ‼
via "National Vulnerability Database".
Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access.
‼ CVE-2022-41621 ‼
via "National Vulnerability Database".
Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.
‼ CVE-2022-37409 ‼
via "National Vulnerability Database".
Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.
‼ CVE-2022-41699 ‼
via "National Vulnerability Database".
Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-41690 ‼
via "National Vulnerability Database".
Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2023-22440 ‼
via "National Vulnerability Database".
Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2023-25772 ‼
via "National Vulnerability Database".
Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local access.
‼ CVE-2023-31471 ‼
via "National Vulnerability Database".
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL.
‼ CVE-2023-25175 ‼
via "National Vulnerability Database".
Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
‼ CVE-2023-31910 ‼
via "National Vulnerability Database".
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c.
‼ CVE-2023-27386 ‼
via "National Vulnerability Database".
Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2023-25771 ‼
via "National Vulnerability Database".
Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.
‼ CVE-2023-25776 ‼
via "National Vulnerability Database".
Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
‼ CVE-2023-25568 ‼
via "National Vulnerability Database".
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able to allocate arbitrarily many bytes in the Bitswap server, those allocations persist even if the connection is closed. This affects users accepting untrusted connections with the Bitswap server and also affects users using the old API stubs at `github.com/ipfs/go-libipfs/bitswap` because users then transitively import `github.com/ipfs/go-libipfs/bitswap/server`. Boxo versions 0.6.0 and 0.4.1 contain a patch for this issue. As a workaround, those who are using the stub object at `github.com/ipfs/go-libipfs/bitswap` and not taking advantage of the features provided by the server can refactor their code to use the new split API, which allows them to run in a client-only mode: `github.com/ipfs/go-libipfs/bitswap/client`.
‼ CVE-2022-28699 ‼
via "National Vulnerability Database".
Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.