FreeBSD : AMD CPUs -- Guest Memory Vulnerabilities (7d631146-5769-11ef-b618-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7d631146-5769-11ef-b618-1c697a616631 advisory. AMD reports: Researchers from IOActive have reported that it may be possible for an attacker with ring ...
AMD CPUs -- Guest Memory Vulnerabilities
AMD reports: Researchers from IOActive have reported that it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled. Improper validation in a model specific register (MSR) could allow a malicious program with ring0...
Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control
Drones that don't have any known security weaknesses could be the target of electromagnetic fault injection (EMFI) attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety. The research comes from IOActive, which found that it is...
K7886: Remote vulnerability in the mod_jk2 Apache module VU#771937
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
Security Information Regarding "Profile Programming"
The customer IOActive provided a Security Advisory report to SICK AG referring to the feature profile programming with regards to the listed affected products. Certain SICK products support profile programming with bar codes, generated and printed via SOPAS ET...
Vulnerability in Robots Can Lead To Costly Ransomware Attacks
CANCUN, Mexico – A vulnerability in Softbank Robotics’ NAO and Pepper robots can lead to costly ransomware attacks that could cause robots deployed in businesses to stop working, curse at customers, or even perform violent movements. The vulnerability was disclosed at Kaspersky Lab’s Security...
Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account
Overview Inmarsat Solutions offers a shipboard email client service, AmosConnect 8 (AC8), which was designed to be utilized over satellite networks in a highly optimized manner. IOActive has identified two security vulnerabilities in the client software: On-board ship network access could provide...
20 Linksys Router Models Vulnerable To Attack
More than 20 Linksys router models are vulnerable to attacks that allow a third party to reboot, lock out and extract sensitive router data from affected devices. According to IOActive, impacted routers include some of its latest Linksys Smart Wi-Fi Router brands, specifically the EA and WRT...
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Local Privilege Escalation (MS16-135) (2)
/ Source: https://ricklarabee.blogspot.com/2017/01/virtual-memory-page-tables-and-one-bit.html Binary: https://github.com/rlarabee/exploits/raw/8b9eb646516d7f022a010f28018209f331c28975/cve-2016-7255/compiled/cve-2016-7255.exe Mirror:...
Panasonic, IOActive Clash on Vulnerability Report
Panasonic Avionics has pushed back against research released Tuesday by IOActive suggesting that in-flight entertainment system firmware used by more than a dozen airlines contains vulnerabilities that allow a local attacker to manipulate data displayed to passengers, or put their personal data a...
In-Flight Entertainment System Flaws Put Passenger Data at Risk
A simple tap on an in-flight entertainment system touchscreen kicked off an intellectual exercise that resulted in the discovery of a number of firmware vulnerabilities in embedded systems used by at least 13 airlines. The vulnerabilities in the Panasonic Avionics IFE firmware could allow a local...
Hack Disarms SimpliSafe's Home Wireless Security Systems
More than a quarter million homes protected by SimpliSafe wireless security systems are vulnerable to hackers who can deactivate the alarm anytime, according to IOActive, a Seattle-based security consulting firm. IOActive published a proof of concept report on Wednesday that outlines how it...
Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input
Overview Furuno Voyage Data Recorder (VDR) VR-3000/VR-3000S and VR-7000 moduleserv firmware update utility fails to properly sanitize user-provided input and is vulnerable to arbitrary command execution with root privileges. Description According to the Furuno VDR product page, the VDR "records all...
Lenovo Patches Vulnerabilities in System Update Service
Lenovo has patched two serious vulnerabilities that hackers could abuse in targeted attacks, or at scale, to easily guess administrator passwords on a compromised device, or elevate privileges to Windows SYSTEM user. The vulnerabilities were patched last Thursday by the manufacturer and details...
GE Multilink Switch Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-013-04 GE MultiLink Switch Vulnerabilities that was published January 13, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Eireann Leverett of IOActive has identified three...
Harman-Kardon Uconnect Vulnerability
OVERVIEW This advisory is a follow-up to the ICS-ALERT titled ICS-ALERT-15-203-01 FCA Uconnect Vulnerability (ICS-CERT ALERT, https://ics-cert.us-cert.gov/alerts/ICS-ALERT-15-203-01, web site last accessed September 17, 2015) that was published July 22, 2015, on the NCCIC/ICS-CERT web site. Chris...
Lenovo ThinkPad series computers were traced to multiple security vulnerabilities - vulnerability warning - the black bar safety net
Recently, security firm IOActive found a security vulnerability in Lenovo series computers: an attacker may replace legitimate applications on the computers with malicious apps and remotely execute malicious instructions. An IOActive security researcher, in the bulletin, elaborat...
The hacker can bypass the validation to install malicious software - vulnerability warning - the black bar safety net
Only 3 months after Lenovo was last exposed for pre-installing potentially dangerous software on its products, the company has another security issue. According to security firm IOActive, they found major vulnerabilities in the Lenovo System Update software: a hacker can bypass the...
DLA-120-2 xorg-server - regression update
Bulletin has no description...
Mandriva Linux Security Advisory : x11-server (MDVSA-2015:119)
Updated x11-server packages fix security vulnerabilities : Ilja van Sprundel of IOActive discovered several security issues in the X.org X server, which may lead to privilege escalation or denial of service CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096,...