1567 matches found

RedHat Linux
added 2023/02/28 8:24 a.m., 3 views

kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVSS 7.8 | AI score 6.7 | EPSS 0.00431
Exploits: 0 | References: 7

The Hacker News
added 2023/02/27 10:4 a.m., 47 views

PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks

The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to...

AI score 0.9
Exploits: 0

F5 Networks
added 2023/02/21 6:35 p.m., 74 views

K52320548: Expat vulnerability CVE-2016-0718

Security Advisory Description An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code...

CVSS 9.8 | AI score 8.9 | EPSS 0.13335
Exploits: 3 | Affected Software: 15

RedHat Linux
added 2023/02/21 10:6 a.m., 6 views

kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVSS 7.8 | AI score 6.7 | EPSS 0.00431
Exploits: 0 | References: 7

IBM Security Bulletins
added 2023/02/14 8:51 p.m., 43 views

Security Bulletin: Apr 2020 : Multiple vulnerabilities in IBM Java Runtime affect IBM CICS TX on Cloud

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0 used by IBM CICS TX on Cloud. IBM CICS TX on Cloud has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE...

CVSS 8.3 | AI score 7.6 | EPSS 0.0623
Exploits: 0 | Affected Software: 1

CISA
added 2023/02/14 12:0 a.m., 11 views

Mozilla Releases Security Updates for Firefox 110 and Firefox ESR

Mozilla has released security updates to address vulnerabilities in Firefox 110 and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox 110 and Firefox ESR...

AI score 2.2
Exploits: 0 | References: 2

Prion
added 2023/02/11 1:23 a.m., 12 views

Privilege escalation

Dell SupportAssist for Home PCs version 3.11.4 and prior and SupportAssist for Business PCs version 3.2.0 and prior contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the...

CVSS 4.3 | AI score 7.8 | EPSS 0.00153
Exploits: 0 | References: 1 | Affected Software: 2

NVD
added 2023/01/31 8:15 a.m., 11 views

CVE-2022-39060

ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey ex: AutoRUN in Registry where malicious scripts can be executed to take control of the system...

CVSS 9.8 | AI score 9.7 | EPSS 0.00901
Exploits: 0 | References: 1

Positive Technologies
added 2023/01/31 12:0 a.m., 5 views

PT-2023-13680 · Changingtec · Changingtech Megaservisignadapter

Name of the Vulnerable Software and Affected Versions: ChangingTech MegaServiSignAdapter affected versions not specified Description: The issue is related to improper input validation in the ChangingTech MegaServiSignAdapter component. An unauthenticated remote attacker can exploit this to access...

CVSS 9.8 | AI score 9.2 | EPSS 0.00901
Exploits: 0 | References: 4

IBM Security Bulletins
added 2023/01/12 9:59 p.m., 60 views

Security Bulletin: Vulnerabilities in Java SE affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Summary Several vulnerabilities in Java SE affect IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see the vulnerability details and apply the suggested remediation/Fixes listed below. Vulnerability Details CVEID:CVE-2021-35560 DESCRIPTION: An unspecified vulnerability in...

CVSS 9.8 | AI score 8.8 | EPSS 0.14957
Exploits: 0 | Affected Software: 1

CISA
added 2023/01/12 12:0 a.m., 20 views

Juniper Networks Releases Security Updates for Multiple Products

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Juniper Networks’ security advisories page and...

AI score 1.8
Exploits: 0 | References: 1

Tenable Nessus
added 2023/01/11 12:0 a.m., 157 views

GIGABYTE AORUS GRAPHICS ENGINE < 1.57 Multiple Vulnerabilities

The version of GIGABYTE AORUS GRAPHICS ENGINE installed on the remote host is prior to 1.57. It is, therefore, affected by multiple vulnerabilities as referenced in GIGABYTE security advisory 1801: - The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE befo...

CVSS 9.8 | AI score 7.2 | EPSS 0.08523
Exploits: 8 | References: 6

OSV
added 2022/12/13 10:15 p.m., 4 views

CVE-2022-41653

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system...

CVSS 9.8 | AI score 5.8 | EPSS 0.00697
Exploits: 0 | References: 1

NVD
added 2022/12/13 10:15 p.m., 29 views

CVE-2022-41653

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system...

CVSS 9.8 | EPSS 0.00697
Exploits: 0 | References: 1

Prion
added 2022/12/13 10:15 p.m., 20 views

Design/Logic Flaw

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system...

CVSS 7.5 | AI score 9.4 | EPSS 0.00697
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2022/12/13 9:8 p.m., 61 views

CVE-2022-41653

The CVE-2022-41653 entry concerns Daikin SVMPC1 (versions 2.1.22 and earlier) and SVMPC2 (versions 1.2.3 and earlier). Connected documents confirm a root cause involving a hard-coded password that enables a remote attacker to obtain user credentials, log in to the device, and take full control of...

CVSS 9.8 | AI score 9.3 | EPSS 0.00697
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2022/12/13 9:8 p.m., 25 views

CVE-2022-41653

Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system...

CVSS 9.8 | AI score 9.6 | EPSS 0.00697
Exploits: 0 | References: 1

NVD
added 2022/12/13 3:15 a.m., 24 views

CVE-2022-41267

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrit...

CVSS 9.9 | EPSS 0.00791
Exploits: 0 | References: 2

Vulnrichment
added 2022/12/13 2:39 a.m., 5 views

CVE-2022-41267

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrit...

CVSS 9.9 | AI score 9.6 | EPSS 0.00791
Exploits: 0 | References: 2

CVE
added 2022/12/13 2:27 a.m., 54 views

CVE-2022-41264

The CVE-2022-41264 issue affects SAP BASIS components (versions 731, 740, 750–757, 789–791) where the unrestricted scope of the RFC function module allows an authenticated non-administrator to access a system class and execute any of its public methods with attacker-supplied parameters. This can ...

CVSS 8.8 | AI score 8.6 | EPSS 0.00855
Exploits: 0 | References: 2 | Affected Software: 1