Amazon AWS IoT Device SDK 信任管理问题漏洞

The Amazon AWS IoT Device SDK is a collection of C source files under the MIT Open Source License from Amazon.com, Inc. that can be used in embedded applications to securely connect IoT devices to the AWS IoT Core.It includes an MQTT, JSON parser, and the AWS IoT Device Shadow library. It is...

Qualcomm Audio Security Vulnerability

Qualcomm Audio is an audio device software from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Audio that stems from an improper check in header extraction that exceeds restricted memory access...

CVE-2019-14596

Improper access control in the installer for IntelR Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access...

Intel Fixes High-Severity Flaw in Performance Analysis Tool

Intel is warning of a high-severity vulnerability in its performance analysis tool called Intel VTune Profiler. If exploited the flaw allows an adversary to perform a privilege escalation attack, giving them elevated and unauthorized system access to a targeted system. The VTune Profiler, formerl...

Intel Chipset Device Software INF Utility Advisory - Lenovo Support US

Lenovo Security Advisory: LEN-29926 Potential Impact: Denial of Service Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2019-14596 Summary Description: Intel reported a potential security vulnerability in Intel Chipset Device Software INF Utility which may allow denial of...

Intel Chipset Device Software INF Utility Advisory - Lenovo Support US

No description provided...

Cisco IOS XE IOx Guest Shell Namespace Protection Vulnerability

Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. An IOx Guest Shell namespace protection vulnerability exists in the file system of Cisco IOS XE. The vulnerability stems from insufficient file permissions. An attacker can exploit this vulnerability by modifyi...

CVE-2019-1839

A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attack...

CVE-2019-1839

Cisco Remote PHY Device Software contains a command injection vulnerability that can be exploited by an authenticated local attacker with administrator access to execute arbitrary commands as root due to improper input sanitization. The issue affects the underlying Linux shell on affected devices...

Intel Chipset Device Software Elevation of Privilege Vulnerability

Intel Chipset Device Software is a chipset firmware update utility from Intel Corporation USA. A security vulnerability exists in the installer in Intel Chipset Device Software INF Update Utility versions prior to 10.1.1.45. A local attacker can exploit the vulnerability to elevate privileges...

CVE-2019-0128

Improper permissions in the installer for IntelR Chipset Device Software INF Update Utility before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access...

CVE-2019-0128

Improper permissions in the installer for IntelR Chipset Device Software INF Update Utility before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access...

CVE-2019-0128

CVE-2019-0128 affects Intel Chipset Device Software (INF Update Utility) before version 10.1.1.45. The root cause is improper permissions in the installer, allowing an authenticated user to escalate privileges via local access. Reported impact is local elevation of privileges with partial confide...

Intel Chipset Device Software Vulnerability - Lenovo Support US

No description provided...

The vulnerabilities of SIMATIC device software, related to errors in cryptography usage, allow attackers to obtain the TLS session key.

The vulnerability of SIMATIC device software is related to errors in the use of cryptography. Exploiting this vulnerability can allow a perpetrator with access to the web interface to obtain the TLS session key while monitoring the TLS traffic between the legitimate user and the device...

PVS 7.6: Upgrade Error "A system error as occurred error 0x00000103. No more data is available"

Performed an unattended upgrade from PVS 6.1 = PVS 7.6. Then when attempting to promote a version from Maintenance in the 7.6 farm the following error appears in the PVS Console:"Error: a system error as occurred error 0x00000103. No more data is available" It doesn’t matter if the disk has the 7...

Error while uninstalling PVS target device software : TargetDir entry was not found in registry

We see the following error on trying to uninstall target device software : TargetDir entry was not found in registry...

Unauthenticated Buffer Overflow in GlobalProtect/SSL VPN Web Interface

When a PAN-OS device is configured as a GlobalProtect portal, a vulnerability exists where an improper handling of a buffer involved in the processing of SSL VPN requests can result in device crash and possible remote code execution. Ref. 89752 CVE-2016-3657 An attacker with network access to the...

How to Perform Reverse Imaging on a Provisioning Services Target Device for Windows and its Applicable Usages

When a Provisioning Services Target Device for Windows is booted from Provisioning Services across the network, it is not possible to perform any software updates that affect the network stack, since the network stack changes will drop the connection to the vDisk. The following provides a list of...

Best Practices for Upgrading a Hypervisor Tools Version in a Citrix Provisioning Environment

This article describes the steps for upgrading a hypervisor tools version in a Citrix Provisioning environment. Use the following procedure to upgrade a Hypervisor: 1. Reverse image the vdisk. 2. Boot from the local HDD on the VM that has been reverse imaged to. 3. Uninstall the PVS target...