
147 matches found

OSV
added 2024/08/20 9:8 a.m. | 16 views

SUSE-SU-2024:2980-1 Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: CVE-2023-31315: Fixed validation in a model specific register (MSR) that led to modification of SMM configuration by malicious program with ring0 access (bsc#1229069)...

7.5 CVSS | 7.5 AI score | 0.00032 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2024/08/15 12:0 a.m. | 26 views

SUSE SLES12 Security Update : kernel-firmware (SUSE-SU-2024:2911-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2911-1 advisory. - CVE-2023-31315: Fixed validation in a model specific register (MSR) that led to modification of SMM configuration by malicious program with...

7.5 CVSS | 7.7 AI score | 0.00032 EPSS
Exploits 0 | References 4

OSV
added 2024/08/14 2:18 p.m. | 19 views

SUSE-SU-2024:2911-1 Security update for kernel-firmware

This update for kernel-firmware fixes the following issues: - CVE-2023-31315: Fixed validation in a model specific register (MSR) that led to modification of SMM configuration by malicious program with ring0 access (bsc#1229069)...

7.5 CVSS | 7.5 AI score | 0.00032 EPSS
Exploits 0 | References 3

NVD
added 2024/08/12 1:38 p.m. | 23 views

CVE-2023-31315

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution...

7.5 CVSS | 0.00032 EPSS
Exploits 0 | References 4

OSV
added 2024/08/12 1:38 p.m. | 16 views

CVE-2023-31315

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution...

7.3 AI score
Exploits 0 | References 4

NVD
added 2024/05/31 6:15 a.m. | 7 views

CVE-2024-36246

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

9.8 CVSS | 7 AI score | 0.00259 EPSS
Exploits 0 | References 4

CVE
added 2024/05/31 6:11 a.m. | 72 views

CVE-2024-36246

CVE-2024-36246 corresponds to a Missing Authorization for coejobhook Command Execution (CWE-862) in Yokogawa Unifier and Unifier Cast. Public sources confirm an Arbitrary Code Execution vector with LocalSystem privileges if exploited. Affected versions include Unifier and Unifier Cast 5.0+ (befor...

9.8 CVSS | 9.6 AI score | 0.00259 EPSS
Exploits 0 | References 4

Cvelist
added 2024/05/31 6:11 a.m. | 21 views

CVE-2024-36246

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

9.8 CVSS | 7 AI score | 0.00259 EPSS
Exploits 0 | References 4

Vulnrichment
added 2024/05/31 6:11 a.m. | 10 views

CVE-2024-36246

Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

9.8 CVSS | 9.6 AI score | 0.00259 EPSS
Exploits 0 | References 4

Vulnrichment
added 2024/05/31 6:11 a.m. | 10 views

CVE-2024-23847

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

7.8 CVSS | 6.7 AI score | 0.00092 EPSS
Exploits 0 | References 4

CVE
added 2024/05/31 6:11 a.m. | 65 views

CVE-2024-23847

The CVE-2024-23847 issue affects Yokogawa Unifier and Unifier Cast (Unifier 5.0+ and Unifier Cast 5.0+, up to before v5.10.6; unpatched versions). Root cause: Incorrect default permissions (Cast Launcher CWE-276) enabling arbitrary code execution with LocalSystem privileges. Impact: potential ins...

7.8 CVSS | 7 AI score | 0.00092 EPSS
Exploits 0 | References 4

Cvelist
added 2024/05/31 6:11 a.m. | 19 views

CVE-2024-23847

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

7.8 CVSS | 7 AI score | 0.00092 EPSS
Exploits 0 | References 4

CNNVD
added 2024/05/03 12:0 a.m. | 1 views

Corel Parallels Desktop security vulnerability

Parallels Desktop is a virtual machine management software that runs on mac computers and allows users to easily run Windows/Linux operating systems and applications under macOS. A malicious program in quarantine can escape through the virtual machine to execute arbitrary code in the host compute...

8.2 CVSS | 7.7 AI score | 0.01727 EPSS
Exploits 1 | References 3

NVD
added 2023/06/26 10:15 p.m. | 11 views

CVE-2023-28929

Trend Micro Security 2021, 2022, and 2023 Consumer are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started...

7.8 CVSS | 7.7 AI score | 0.00058 EPSS
Exploits 0 | References 1

Prion
added 2023/06/26 10:15 p.m. | 15 views

Design/Logic Flaw

Trend Micro Security 2021, 2022, and 2023 Consumer are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started...

4.4 CVSS | 7.6 AI score | 0.00058 EPSS
Exploits 0 | References 1 | Affected Software 12

Cvelist
added 2023/06/26 9:52 p.m. | 11 views

CVE-2023-28929

Trend Micro Security 2021, 2022, and 2023 Consumer are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started...

7.9 AI score | 0.00058 EPSS
Exploits 0 | References 1

NVD
added 2023/06/01 2:15 a.m. | 9 views

CVE-2023-28399

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC whe...

7.8 CVSS | 7.6 AI score | 0.00052 EPSS
Exploits 0 | References 3

Prion
added 2023/06/01 2:15 a.m. | 12 views

Code injection

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC whe...

4.3 CVSS | 7.6 AI score | 0.00052 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2023/06/01 12:0 a.m. | 12 views

CVE-2023-28399

Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC whe...

7.8 AI score | 0.00052 EPSS
Exploits 0 | References 3

Github Security Blog
added 2023/03/24 10:6 p.m. | 48 views

Interactive `run` permission prompt spoofing via improper ANSI neutralization

Summary: Arbitrary program names without any ANSI filtering allow any malicious program to clear the first 2 lines of an `op_spawn_child` or `op_kill` prompt and replace it with any desired text. Details: The main entry point comes down to the ability to override what the API control says (`40_process.js`)...

8.8 CVSS | 8.7 AI score | 0.00469 EPSS
Exploits 1 | References 5 | Affected Software 2