‼ CVE-2023-31471 ‼
via "National Vulnerability Database".
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL.
‼ CVE-2023-25175 ‼
via "National Vulnerability Database".
Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
‼ CVE-2023-31910 ‼
via "National Vulnerability Database".
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c.
‼ CVE-2023-27386 ‼
via "National Vulnerability Database".
Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2023-25771 ‼
via "National Vulnerability Database".
Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.
‼ CVE-2023-25776 ‼
via "National Vulnerability Database".
Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access.
‼ CVE-2023-25568 ‼
via "National Vulnerability Database".
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able to allocate arbitrarily many bytes in the Bitswap server, those allocations persist even if the connection is closed. This affects users accepting untrusted connections with the Bitswap server and also affects users using the old API stubs at `github.com/ipfs/go-libipfs/bitswap` because users then transitively import `github.com/ipfs/go-libipfs/bitswap/server`. Boxo versions 0.6.0 and 0.4.1 contain a patch for this issue. As a workaround, those who are using the stub object at `github.com/ipfs/go-libipfs/bitswap` and not taking advantage of the features provided by the server can refactor their code to use the new split API, which allows them to run in a client-only mode: `github.com/ipfs/go-libipfs/bitswap/client`.
‼ CVE-2022-28699 ‼
via "National Vulnerability Database".
Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
‼ CVE-2022-43465 ‼
via "National Vulnerability Database".
Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access.
‼ CVE-2022-44619 ‼
via "National Vulnerability Database".
Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-41998 ‼
via "National Vulnerability Database".
Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-45128 ‼
via "National Vulnerability Database".
Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access.
‼ CVE-2022-41769 ‼
via "National Vulnerability Database".
Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access.
🕴 RapperBot Crew Drops DDoS/CryptoJacking Botnet Collab 🕴
via "Dark Reading".
Cryptomining is a logical partner for an existing IoT-focused DDoS botnet, so the RapperBot authors customized XMRig to make it happen.
🕴 Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years 🕴
via "Dark Reading".
While Intel is still investigating the incident, the security industry is bracing itself for years of potential firmware insecurity if the keys indeed were exposed.
‼ CVE-2022-42878 ‼
via "National Vulnerability Database".
Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access.
‼ CVE-2022-41808 ‼
via "National Vulnerability Database".
Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access.
‼ CVE-2022-30338 ‼
via "National Vulnerability Database".
Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-41982 ‼
via "National Vulnerability Database".
Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2023-22312 ‼
via "National Vulnerability Database".
Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
‼ CVE-2022-38787 ‼
via "National Vulnerability Database".
Improper input validation in firmware for some Intel(R) FPGA products before version 2.7.0 Hotfix may allow an authenticated user to potentially enable escalation of privilege via local access.