EUVD-2019-0927

Malware in sbrugna...

ABB Cylon Aspect 3.08.01 File Upload MD5 Checksum Bypass

ABB Cylon Aspect 3.08.01 badassMode File Upload MD5 Checksum Bypass Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy managemen...

ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion

ABB Cylon Aspect 3.08.01 calendarFileDelete.php Arbitrary File Deletion Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

kernel: Local information disclosure on Intel(R) Atom(R) processors

A vulnerability was found in some Intel Atom Processor's microcode. This issue may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted system...

ABB Cylon Aspect 3.07.00 Remote Code Execution

ABB Cylon Aspect 3.07.00 networkDiagAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.00 Summary: ASPECT is an award-winning scalable building energy management...

RHEL 5 : hw (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - hw: TSX Transaction Asynchronous Abort TAA CVE-2019-11135 - hw: Fast forward store predictor CVE-2020-869...

CVE-2023-28746

A vulnerability was found in some Intel Atom Processor's microcode. This issue may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted system...

2024.1 IPU - Intel® Atom® Processor Advisory

Summary: A potential security vulnerability in some Intel® Atom® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28746 Description: Information exposure through microarchitectural sta...

2023.3 IPU - BIOS Advisory

Summary: Potential security vulnerabilities in the BIOS firmware for some Intel® Processors may allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-37343...

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 2

Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. Last week, we covered the basics of the exercise and achieving access to flash memory. In this post, we'll cover how to extract partition data. Extracting partition data The next step in our hands-on IoT hacking...

BIOS Reference Code Advisory

Summary: Potential security vulnerabilities in the BIOS reference code for some Intel® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2021-0157 Description: Insufficient control flow...

Intel BIOS Platform Sample Code Advisory

Summary: Potential security vulnerabilities in Intel BIOS platform sample code for some Intel® Processors may allow escalation of privilege. Intel is releasing BIOS platform sample code updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2020-8764 Description:...

NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0008)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities: - Insufficient access control in subsystem for Intel R processor graphics in 6th, 7th, 8th and 9th Generation IntelR CoreTM Processor Families;...

Input validation

Insufficient input validation in system firmware for IntelR XeonR Scalable Processors, IntelR XeonR Processors D Family, IntelR XeonR Processors E5 v4 Family, IntelR XeonR Processors E7 v4 Family and IntelR AtomR processor C Series may allow a privileged user to potentially enable escalation of...

Multiple Intel Products CVE-2019-0155 Local Privilege Escalation Vulnerability

Description Multiple Intel Products are prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges, obtain sensitive information, cause memory corruption or denial-of-service conditions. Technologies Affected Intel 6th generation Core...

Multiple Intel Products CVE-2019-0154 Denial of Service Vulnerability

Description Multiple Intel Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Technologies Affected Intel 6th generation Core processors Intel 7th generation Core processors Intel 8th generation Core processors Intel...

Multiple Intel Processors Side Channel CVE-2019-11135 Information Disclosure Vulnerability

Description Multiple Intel Processors are prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Citrix Hypervisor 8.0 Citrix XenServer 7.0 Citrix XenServer 7.1 LTSR CU2...

Intel Smart Sound Tech Vulnerable to Three High-Severity Bugs

Intel issued three fixes for bugs that could allow a local attacker to execute code on Intel Core and Atom processor-based PCs. The vulnerabilities are tied to versions of its own Intel Smart Sound Technology, used to boost audio processing for tasks such as voice commands and interactions with...

Multiple CPU Hardware CVE-2018-3639 Information Disclosure Vulnerability

Description Multiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected ARM Cortex A15 ARM Cortex A57 ARM Cortex A72 IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1 IBM Aix...

Unsafe Opcodes exposed in Intel SPI based products

Summary: Configuration of SPI Flash in platforms based on multiple Intel CPUs allows a local attacker to alter the behavior of the SPI Flash, potentially leading to a Denial of Service. This issue has been root-caused, and the mitigation has been validated and is available. Description:...