CVE-2019-14596

Improper access control in the installer for IntelR Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access...

Intel Fixes High-Severity Flaw in Performance Analysis Tool

Intel is warning of a high-severity vulnerability in its performance analysis tool called Intel VTune Profiler. If exploited the flaw allows an adversary to perform a privilege escalation attack, giving them elevated and unauthorized system access to a targeted system. The VTune Profiler, formerl...

CVE-2019-11104

Insufficient input validation in MEInfo software for IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2018-11980

The CVE-2018-11980 issue is a buffer overflow in Qualcomm/Snapdragon WLAN host code caused by a missing length check in wma_process_bip when handling a fake 11w multicast rmf without mmie. Affected are Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdra...

CVE-2019-10493

CVE-2019-10493 is a critical flaw in Qualcomm closed‑source components used in Snapdragon devices (e.g., Auto/Compute/IoT/mobile/wearables). The issue degrades position determination accuracy due to wrongly decoded information across a long list of Snapdragon platforms (APQ8053, MDMs, SDMs, SXR, ...

Hacking Hardware Password Managers: Royal Vault Password Keeper

TL;DR: Taking three hardware password managers I used them to: Learn the basics of hardware hacking Practice disassembling Perform chipset research Understand pinouts and protocols Read data off each device The royal password vault boards looked to be reused from a previous hardware device with...

Intel Chipset Device Software INF Utility Advisory - Lenovo Support US

No description provided...

Intel Chipset Device Software INF Utility Advisory - Lenovo Support US

Lenovo Security Advisory: LEN-29926 Potential Impact: Denial of Service Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2019-14596 Summary Description: Intel reported a potential security vulnerability in Intel Chipset Device Software INF Utility which may allow denial of...

UBUNTU-CVE-2019-14896

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service system crash or, possibly execute arbitrary code, when the lbsibssjoinexisting function is called after a STA connects to...

CVE-2019-2329

Use after free issue in cleanup routine due to missing pointer sanitization for a failed start of a trusted application. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845,...

USN-4185-1: Linux kernel vulnerabilities

Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions TSX could expose...

Microsoft Patches RCE Bug Actively Under Attack

A critical bug in a Microsoft scripting engine, under active attack, has been patched as part of Microsoft’s Patch Tuesday security roundup. The vulnerability exists in Internet Explorer and allows an attacker to execute rogue code if a victim is coaxed into visiting a malicious web page, or, if...

Security Advisory - Two Heap Buffer Overflow Vulnerabilities in Broadcom WiFi Chipset Drivers

There are two heap buffer overflow vulnerabilities in Broadcom WiFi chipset drivers. A remote, unauthenticated attacker may send specially-crafted WiFi packets to exploit these vulnerabilities. Successfully exploit may cause Wi-Fi functions abnormal. Vulnerability ID: HWPSIRT-2019-04121 and...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4147-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4147-1 advisory. It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup TDLS. A physically...

September 24, 2019—KB4516061 (OS Build 14393.3242)

September 24, 2019—KB4516061 OS Build 14393.3242 Reminder The additional servicing for Windows 10 Enterprise, Education, and IoT Enterprise editions ended on April 9, 2019 and doesn't extend beyond this date. To continue receiving security and quality updates, Microsoft recommends updating to the...

September 23, 2019—KB4522010 (OS Build 14393.3206)

September 23, 2019—KB4522010 OS Build 14393.3206 Reminder The additional servicing for Windows 10 Enterprise, Education, and IoT Enterprise editions ended on April 9, 2019 and doesn't extend beyond this date. To continue receiving security and quality updates, Microsoft recommends updating to the...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4145-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4145-1 advisory. It was discovered that a race condition existed in the GFS2 file system in the Linux kernel. A local attacker could possibly use this to cause a denial o...

June 27, 2019—KB4509475 (OS Build 14393.3056)

June 27, 2019—KB4509475 OS Build 14393.3056 Reminder: The additional servicing for Windows 10 Enterprise, Education, and IoT Enterprise editions ends on April 9, 2019 and doesn't extend beyond this date. To continue receiving security and quality updates, Microsoft recommends updating to the late...

Lenovo Warns of ThinkPad Bugs, One Unpatched

Dozens of Lenovo’s flagship ThinkPad models are vulnerable to bugs ranging in severity from low to high. Two of the flaws are tied to industry-wide security bulletins, while a medium-severity flaw affects only Lenovo laptops but remains unpatched. The most severe of the three bugs is a...

Null pointer dereference

Pointer dereference while freeing IFE resources due to lack of length check of in port resource. in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD...