XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX Security Vulnerabilities

cve

CVE-2021-3759

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from...

5.5CVSS

6.3AI Score

0.0004EPSS

2022-08-23 04:15 PM
228
5
debiancve

CVE-2021-3759

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from...

5.5CVSS

6.7AI Score

0.0004EPSS

2022-08-23 04:15 PM
26
nvd

CVE-2021-3759

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from...

5.5CVSS

0.0004EPSS

2022-08-23 04:15 PM
prion

Design/Logic Flaw

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from...

5.5CVSS

6AI Score

0.0004EPSS

2022-08-23 04:15 PM
8
cvelist

CVE-2021-3759

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from...

6.9AI Score

0.0004EPSS

2022-08-23 12:00 AM
mssecure

Uncovering a ChromeOS remote memory corruption vulnerability

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that can be triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE). Following our D-Bus blog post that focused on Linux, we searched for...

9.8CVSS

-0.5AI Score

0.001EPSS

2022-08-19 09:38 PM
108
mmpc

Uncovering a ChromeOS remote memory corruption vulnerability

Microsoft discovered a memory corruption vulnerability in a ChromeOS component that can be triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE). Following our D-Bus blog post that focused on Linux, we searched for...

9.8CVSS

-0.5AI Score

0.001EPSS

2022-08-19 09:38 PM
27
githubexploit

Exploit for Out-of-bounds Write in Google Android

Fluoride Bluetooth stack Building and running on AOSP...

9.8CVSS

9.1AI Score

0.001EPSS

2022-08-18 07:02 AM
412
githubexploit

Exploit for Out-of-bounds Read in Google Android

Fluoride Bluetooth stack Building and running on AOSP...

7.5CVSS

-0.3AI Score

0.001EPSS

2022-08-18 06:04 AM
272
nvd

CVE-2022-24951

A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the...

7CVSS

0.0004EPSS

2022-08-16 01:15 AM
osv

CVE-2022-24952

Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC...

6.5CVSS

6.8AI Score

0.001EPSS

2022-08-16 01:15 AM
5
nvd

CVE-2022-24952

Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC...

6.5CVSS

0.001EPSS

2022-08-16 01:15 AM
cve

CVE-2022-24951

A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the...

7CVSS

6.9AI Score

0.0004EPSS

2022-08-16 01:15 AM
42
2
osv

CVE-2022-24951

A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the...

7CVSS

6.4AI Score

0.0004EPSS

2022-08-16 01:15 AM
4
cve

CVE-2022-24952

Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC...

6.5CVSS

6.8AI Score

0.001EPSS

2022-08-16 01:15 AM
45
4
prion

Denial of service

Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC...

6.5CVSS

6.5AI Score

0.001EPSS

2022-08-16 01:15 AM
5
prion

Race condition

A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the...

7CVSS

6.6AI Score

0.0004EPSS

2022-08-16 01:15 AM
4
cvelist

CVE-2022-24951

A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the...

7.2AI Score

0.0004EPSS

2022-08-16 12:00 AM
nessus

GLSA-202208-08 : Mozilla Firefox: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-08 (Mozilla Firefox: Multiple Vulnerabilities) Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

9.8CVSS

9.9AI Score

0.01EPSS

2022-08-16 12:00 AM
20
cvelist

CVE-2022-24952

Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC...

7.2AI Score

0.001EPSS

2022-08-16 12:00 AM
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.310.7] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588} - x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] - x86/bugs: display dynamic retbleed state (Ankur Arora) ...

6.5CVSS

0.1AI Score

EPSS

2022-08-15 12:00 AM
23
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.310.7] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588} - x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] - x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug:...

6.5CVSS

0.1AI Score

EPSS

2022-08-15 12:00 AM
36
ics

Siemens Industrial Products with OPC UA (Update H)

EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINEC-NMS, SINEMA, SINEMURIK Industrial Control Products with OPC UA Vulnerability: Uncaught Exception 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

7.5CVSS

7.9AI Score

0.002EPSS

2022-08-11 12:00 PM
218
suse

Security update for the Linux Kernel (important)

An update that solves 48 vulnerabilities, contains 26 features and has 202 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch...

8.2CVSS

0.9AI Score

EPSS

2022-08-01 12:00 AM
198
thn

Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices

Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to...

7.4CVSS

0.3AI Score

EPSS

2022-07-29 10:49 AM
90
talosblog

Quarterly Report: Incident Response Trends in Q2 2022

Commodity malware usage surpasses ransomware by narrow margin By Caitlin Huey. For the first time in more than a year, ransomware was not the top threat Cisco Talos Incident Response (CTIR) responded to this quarter, as commodity malware surpassed ransomware by a narrow margin. This is likely...

10CVSS

AI Score

0.976EPSS

2022-07-26 02:03 PM
89
suse

Security update for the Linux Kernel (important)

An update that solves 11 vulnerabilities and has 49 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new...

8.2CVSS

-0.3AI Score

0.006EPSS

2022-07-26 12:00 AM
46
hackerone

Internet Bug Bounty: Disabling context isolation, nodeIntegrationInSubFrames using an unauthorised frame.

Details can be found in the following github advisory: https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7 Impact Using a renderer exploit, context isolation and nodeIntegrationInSubFrames can be disabled, which enables an attacker to leak IPC module and communicate with...

7.2AI Score

2022-07-23 04:36 AM
32
suse

Security update for the Linux Kernel (important)

An update that solves 49 vulnerabilities, contains 26 features and has 207 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch...

8.2CVSS

0.7AI Score

EPSS

2022-07-22 12:00 AM
119
ics

Dahua ASI7213X-T1 (Update A)

EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dahua Equipment: DHI-ASI7213X-T1 --------- Begin Update A Part 1 of 4 --------- Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Authentication Bypass by Capture-replay, Generation of...

7.4CVSS

6.9AI Score

0.002EPSS

2022-07-19 12:00 PM
41
suse

Security update for the Linux Kernel (important)

An update that solves 11 vulnerabilities and has 44 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new...

8.2CVSS

-0.3AI Score

0.006EPSS

2022-07-18 12:00 AM
74
talos

Google Chrome WebGPU DoBufferDestroy kDirect allocation use-after-free vulnerability

Summary A use-after-free vulnerability exists in the WebGPU functionality of Google Chrome 102.0.4956.0 (Build) (64-bit) and 99.0.4844.82 (Build) (64-bit). A specially-crafted web page can lead to a use-after-free. An attacker can provide a crafted URL to trigger this vulnerability. Tested...

8.8CVSS

-0.1AI Score

0.009EPSS

2022-07-14 12:00 AM
11
mmpc

Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in October....

8.6CVSS

-0.3AI Score

0.001EPSS

2022-07-13 04:00 PM
25
mssecure

Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in October....

8.6CVSS

-0.3AI Score

0.001EPSS

2022-07-13 04:00 PM
23
suse

Security update for the Linux Kernel (important)

An update that solves 9 vulnerabilities and has 40 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a...

8CVSS

-0.3AI Score

0.006EPSS

2022-07-13 12:00 AM
49
cloudlinux

Fixed CVE-2020-12723 in perl-5.10.1

CVE-2020-12723: fix a buffer overflow caused by a crafted regular expression because of recursive S_study_chunk...

7.5CVSS

4.8AI Score

0.002EPSS

2022-07-11 05:36 PM
62
metasploit

DFSCoerce

Coerce an authentication attempt over SMB to other machines via MS-DFSNM...

0.6AI Score

2022-06-30 07:00 PM
156
cnvd

Multiple Dahua Products Denial of Service Vulnerabilities

Dahua IPC-HFW2XXX is a series of IP cameras, Dahua IPC-HDBW2XXX is a series of cameras, Dahua ASI7XXXX is a series of face recognition access controllers, and Dahua IPC-HFW2XXX is a series of IP cameras. A denial of service vulnerability exists in several Dahua products, which could be exploited...

7.4CVSS

3.9AI Score

0.002EPSS

2022-06-30 12:00 AM
26
cve

CVE-2022-30561

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login...

5.9CVSS

5.5AI Score

0.001EPSS

2022-06-28 02:15 PM
31
5
cve

CVE-2022-30560

When an attacker obtains the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to...

7.4CVSS

7.2AI Score

0.002EPSS

2022-06-28 02:15 PM
36
5
cve

CVE-2022-30563

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login...

7.4CVSS

7.2AI Score

0.001EPSS

2022-06-28 02:15 PM
70
8
cve

CVE-2022-30562

If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled...

4.7CVSS

4.6AI Score

0.001EPSS

2022-06-28 02:15 PM
33
5
prion

Code injection

When an attacker obtains the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to...

7.4CVSS

7.3AI Score

0.002EPSS

2022-06-28 02:15 PM
6
prion

Cross site request forgery (csrf)

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login...

5.9CVSS

6.1AI Score

0.001EPSS

2022-06-28 02:15 PM
6
prion

Design/Logic Flaw

If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled...

4.7CVSS

5.3AI Score

0.001EPSS

2022-06-28 02:15 PM
2
prion

Cross site request forgery (csrf)

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login...

7.4CVSS

7.3AI Score

0.001EPSS

2022-06-28 02:15 PM
12
osv

Malicious code in twitch-desktop-ipc (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (c787746a2be826fd330c7419d1ed5aa4302810f6f886ea9eeddae31eb8474dbb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2022-06-20 08:16 PM
2
osv

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Impact This vulnerability allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames enabled which in turn allows effective access to ipcRenderer. Please note the misleadingly named nodeIntegrationInSubFrames option does not implicitly grant...

9.8CVSS

2.1AI Score

0.003EPSS

2022-06-16 11:14 PM
31
github

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Impact This vulnerability allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames enabled which in turn allows effective access to ipcRenderer. Please note the misleadingly named nodeIntegrationInSubFrames option does not implicitly grant...

9.8CVSS

8.8AI Score

0.003EPSS

2022-06-16 11:14 PM
37
ics

Siemens PROFINET-IO Stack (Update H)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5CVSS

7.6AI Score

0.001EPSS

2022-06-16 12:00 PM
100
Total number of security vulnerabilities: 4941