PT-2022-5315 · Asus +1 · Asussoftwaremanager.Exe +3

Name of the Vulnerable Software and Affected Versions: ASUS System Control Interface versions prior to 3.1.5.0 AsusSoftwareManager.exe versions prior to 1.0.53.0 AsusLiveUpdate.dll versions prior to 1.0.45.0 Description: The issue is related to incorrect default permissions in the System Control...

CVE-2022-36438

AsusSwitch.exe on ASUS personal computers running Windows sets weak file permissions, leading to local privilege escalation this also can be used to delete files within the system arbitrarily. This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0...

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which stems from incorrect input validation in CCCI, and can be exploited by an attacker to obtain local information. mt6771, mt6779, mt6781, mt6785, mt6833, mt6853, mt6873...

The vulnerability of Emerson DeltaV industrial control stations, related to the use of cryptographic algorithms containing vulnerabilities, allows an intruder to gain access to the system’s control interface.

The vulnerability of Emerson DeltaV industrial control stations lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow an attacker operating remotely to gain access to the system’s control interface...

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in their ability to bypass the authentication process using capture-replay techniques for intercepted parameters. This allows attackers to gain access to the device’s control interface.

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in the ability to bypass the authentication process by using capture-replay techniques to intercept and replay captured parameters. Exploiting this vulnerability can allow an intruder to gain...

Low-rent RAT Worries Researchers

For about the price of a cup of Starbucks latte, a hacker is renting out a remote access trojan designed to backdoor targeted networks. Dubbed as Dark Crystal RAT or DCRat, the malware is being peddled online to hackers in Russian by a lone rookie malware writer with a penchant for cut-rate...

PT-2022-6194 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to the i740 driver in the Linux Kernel, where a Userspace program can pass any values to the driver through the ioctl interface. The driver does not check the valu...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5161-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5161-1 advisory. Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some...

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5136-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5136-1 advisory. It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use...

CVE-2021-42252

An issue was discovered in aspeedlpcctrlmmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs becaus...

The vulnerability of the iControl REST API interface for access control and remote authentication solutions like BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) as well as the server software BIG-IQ Centralized Management allows a perpetrator to execute arbitrary commands on the target system.

The vulnerability of the iControl REST API for access control and remote authentication tools of BIG-IP LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO as well as the server software BIG-IQ Centralized Management is related to insufficient...

PT-2021-7381 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.14.6 Description: An issue was discovered in the aspeed lpc ctrl mmap function in the Linux kernel, which could allow local attackers to overwrite memory in the kernel and potentially execute privileges. This...

CVE-2021-32525

The same hard-coded password in QSAN Storage Manager's in the firmware allows remote attackers to access the control interface with the administrator’s credential, entering the hard-coded password of the debug mode to execute the restricted system instructions. The referred vulnerability has been...

CVE-2021-32525

The CVE-2021-32525 issue affects QSAN Storage Manager (QSAN NAS OS) with hard-coded credentials in firmware up to version 3.3.1 (build 202101041800). The root cause is a hard-coded administrator credential in the debug mode password, allowing remote actors to access the control interface and exec...

QSAN Storage Manager 信任管理问题漏洞

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A hard-coded credentials vulnerability exists in QSAN Storage Manager version 3.3.1 build 202101041800 and prior versions. An attacker can exploit this vulnerability to open the control interface via the...

STEM Audio Table Rife with Business-Threatening Bugs

The STEM Audio Table conference-room speaker has a security vulnerability that would allow unauthenticated remote code execution RCE as root – paving the way for eavesdropping on conversations, denial of service, lateral movement throughout enterprise networks and more. And, there are multiple...

The vulnerability of the cluster software-defined networking control interface of Cisco SD-WAN allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Cisco SD-WAN programmatically-defined network management interface is related to privilege management errors. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

The vulnerability of the cluster software-defined networking control interface of Cisco SD-WAN allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Cisco SD-WAN programmatically-defined network management interface is related to privilege management errors. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVE-2021-23872

Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection MTP prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface...

Google Android 资源管理错误漏洞

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. Google Android 11 suffers from an elevation of privilege vulnerability. The vulnerability arises due to memory corruption due to post-release reuse in wpasctrlmsgqueuetimeout of...