61 matches found
CVE-2021-33625
An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate function of the EFISMMCOMMUNICATIONPROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses...
ROS-20220125-19
The XFS file system vulnerability is due to the OS kernel incorrectly imposing security restrictions security restrictions. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information on the system...
CVE-2022-22161
An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipte...
CVE-2022-22168
An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead t...
CVE-2022-22168
An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead t...
CVE-2022-22161
An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipte...
New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats
Cybersecurity threats are always evolving, and today we’re seeing a new wave of advanced attacks targeting areas of computing that don’t have the protection of the cloud. New data shows that firmware attacks are on the rise, and businesses aren’t paying close enough attention to securing this...
CVE-2020-12933
A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS e.g. version 26.20.15029.27017. A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a...
CVE-2020-12933
A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS e.g. version 26.20.15029.27017. A specially crafted D3DKMTEscape API request can cause an out-of-bounds read in Windows OS kernel memory area. This vulnerability can be triggered from a...
CVE-2020-12933
CVE-2020-12933 describes a denial-of-service in the D3DKMTEscape handler of the AMD ATIKMDAG.SYS driver (e.g., version 26.20.15029.27017). A crafted D3DKMTEscape request can trigger an out-of-bounds read in Windows kernel memory, with exploitation possible from a non-privileged/guest context. Pub...
New ‘CacheOut’ Attack Targets Intel CPUs
Researchers have identified a new speculative execution type attack, dubbed CacheOut, that could allow attackers to trigger data leaks from most Intel CPUs. The more serious of the two bugs, revealed Monday, is rated medium severity by Intel, who said fixes for both flaws are on the way. The more...
New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave
Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel,...
Amazon Kindle Fire HD(3rd) Fire OS Denial of Service Vulnerability (CNVD-2019-27568)
The Amazon Kindle Fire HD 3rd is the third generation of the Fire tablet product from Amazon.com USA, for which Fire OS is the operating system used. A denial of service vulnerability exists in kernel/omap/drivers/rpmsg/rpmsgomx.c in the kernel component of the Amazon Kindle Fire HD3rd Fire OS. A...
Experts Weigh In On Spectre Patch Challenges
The race to patch against the Meltdown and Spectre processor vulnerabilities disclosed last week is on. As of today, there are no known exploits in the wild impacting vulnerable Intel, AMD and ARM devices. Currently, vendors are focused on three main mitigation efforts. Patches that address the...
Memory corruption
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...
CVE-2015-8553
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777...
CVE-2015-0777
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 aka the Xen 3.4.x support patches for the Linux kernel 2.6.18, as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory...
Did the “Man With No Name” Feel Insecure?
Posted by James Forshaw, Taker of Names Sometimes when I'm doing security research I'll come across a bug which surprises me. I discovered just such a bug in the Windows version of Chrome which exposed a little-known security detail in the OS. The bug, CVE-2014-3196 was fixed in M38, so it seemed...
KSplice : Installed Patches
Ksplice is being used to maintain the remote host's operating system kernel without requiring reboots. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65047; scriptversion"1.5"; scriptsetattributeattribute:"pluginmodificationdate", value:"2026/06/17";...
SAP /sap/bc/soap/rfc SOAP Service TH_SAPREL Function Information Disclosure
This module attempts to identify software, OS and DB versions through the SAP function THSAPREL using the /sap/bc/soap/rfc SOAP service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspire...