EUVD-2021-25018

Malware in sbrugna...

EUVD-2022-34347

Malicious code in bioql PyPI...

📄 Glass Cage Zero-Click iMessage Exploit Details

Glass Cage, a vulnerability chain discovered on iOS 18.2, enables an attacker to compromise a device silently by sending a single malicious PNG image via iMessage. The exploit bypasses multiple layers of Apple's defenses, including BlastDoor, WebKit sandboxing, and CoreMedia memory protections...

New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking

A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller BMC software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085 , carries a CVSS v4 score of 10.0,...

CVE-2024-28754

RaspAP aka raspap-webgui through 3.0.9 allows remote attackers to cause a persistent denial of service bricking via a crafted request...

HP Claims Monopoly on Ink, Alleges 3rd-Party Cartridge Malware Risk

By Deeba Ahmed HP CEO Enrique Lores defended HP's practice of bricking printers when loaded with third-party ink. This is a post from HackRead.com Read the original post: HP Claims Monopoly on Ink, Alleges 3rd-Party Cartridge Malware Risk...

Unsafe use of balanceOf(address(this))

Lines of code Vulnerability details Impact AfEth.deposit can be bricked. Proof of Concept AfEth makes use of its own balance of afEth as a temporary store of afEth for withdrawal requests. On requestWithdraw afEth is transferred to the AfEth contract and these are then burned on withdraw. The...

Code injection

fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device...

CVE-2021-35954

fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug SWD feature...

ownerMintUsingTokenId can brick the whole contract

Lines of code Vulnerability details Impact With the function ownerMintUsingTokenId, it is possible for the owner to mint a token with an arbitrary token ID. However, this can brick the whole contract and cause a situation where no more mints / buys are possible. This happens when a token ID is...

CVE-2022-2044

MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device...

CVE-2022-2044

MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device...

NounsDAOLogic.sol would become bricked if NoansDAOExecutor.sol admin ever changes

Lines of code Vulnerability details Impact NounsDAOLogic.sol would become bricked and upgradability would be completely broken Proof of Concept In the current setup, NoansDAOExecutor.sol is both admin and timelock for NounsDAOLogic.sol. If the admin for NoansDAOExecutor.sol was ever changed,...

EulerOS Virtualization 2.10.1 : edk2 (EulerOS-SA-2022-2072)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently bric...

updateValset() Insufficient validation of new validator set may brick the contract

Lines of code Vulnerability details In Gravity.solupdateValset, while the signatures of the current validators are verified and = powerThreshold is checked, there is one important validation should be done: check the cumulative power of the new validator set to ensure the contract has sufficient...

CVE-2021-38576

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system...

CVE-2021-38576

A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system...

PT-2021-8089 · Intel +2 · Tianocore Edk2 +2

Name of the Vulnerable Software and Affected Versions: Tianocore edk2 affected versions not specified Description: The issue concerns a BIOS bug and a library vulnerability. The BIOS bug affects the Platform authorization value, leaving it empty, which can lead to the permanent bricking of the TP...

TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions

The TrickBot malware has morphed once again, this time implementing functionality designed to inspect the UEFI/BIOS firmware of targeted systems. It marks a serious resurgence following an October takedown of the malware’s infrastructure by Microsoft and others. The Windows Unified Extensible...

CVE-2019-12789

An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence Ctrl-\ to obtain a shell with root privileges. After gaining root access, the attacker can...