3863 matches found
CVE-2019-18629
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during an exploited clone install. This requires creating a clone file and signing that file with a...
Unauthorized Access Vulnerability in HP LaserJet Pro MFP Series Printers
The HP LaserJet Pro MFP series of printers is an all-in-one printer from HP. An unauthorized access vulnerability exists in the HP LaserJet Pro MFP series printers, which can be exploited by an attacker to gain direct access to the printer control interface without logging in...
Multiple Xerox Product Encryption Issues Vulnerabilities
The Xerox 3655i, among others, is a multifunction printer from Xerox USA. A security vulnerability exists in several Xerox products. The following products and versions are affected: 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 device...
Shopify: [h1-2102] HTML injection in packing slips can lead to physical theft
Summary: An HTML injection vulnerability exists in the packing slip generator, allowing customers to alter the logistical process of their and others' orders for shops that choose to display the user's e-mail address on the packing slip. The success rate depends on the shop's setup and can result i...
Experts Detail A Recent Remotely Exploitable Windows Vulnerability
More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a "remotely exploitable" bug...
Microsoft Windows splwow64 Out-Of-Bounds Read Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...
Vulnerability Spotlight: Multiple vulnerabilities in PrusaSlicer
Lilith of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two out-of-bounds write vulnerabilities in Prusa Research’s PrusaSlicer. Prusa Slicer is an open-source 3-D printer slicing program forked off Slic3r that can convert various 3-D model fil...
Microsoft Windows splwow64 Out-Of-Bounds Read Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...
Microsoft Windows splwow64 Out-Of-Bounds Read Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...
Microsoft Windows splwow64 Untrusted Pointer Dereference Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...
January 12, 2021—KB4598243 (OS Build 14393.4169) - EXPIRED
January 12, 2021—KB4598243 (OS Build 14393.4169) - EXPIRED. NEW 8/5/21 EXPIRATION NOTICE. IMPORTANT: As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality...
January 12, 2021—KB4598229 (OS Build 18363.1316) - EXPIRED
January 12, 2021—KB4598229 (OS Build 18363.1316) - EXPIRED. NEW 8/5/21 EXPIRATION NOTICE. IMPORTANT: As of 8/5/2021, this KB is no longer available from Windows Update, the Microsoft Update Catalog, or other release channels. We recommend that you update your devices to the latest security quality...
January 12, 2021—KB4598279 (Monthly Rollup)
January 12, 2021—KB4598279 (Monthly Rollup). IMPORTANT: Verify that you have installed the required updates listed in the How to get this update section before installing this update. NEW 11/10/20: For information about the various types of Windows updates, such as critical, security, driver, service...
January 12, 2021—KB4599208 (OS Build 15063.2614)
January 12, 2021—KB4599208 (OS Build 15063.2614). Current status of Windows 10, version 1703: Surface Hub devices remain in support. Starting on November 12, 2019, updates for Windows 10, version 1703 will be available only for Surface Hub devices. Update information and Surface Hub known issues will...
FBI Warns of Egregor Attacks on Businesses Worldwide
The FBI has alerted companies in the private sector to a spate of attacks using the Egregor ransomware. The malware currently is raging a warpath across businesses worldwide and has already compromised more than 150 organizations. The agency issued an advisory (PDF) that also shed new light and...
(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
(0Day) Microsoft Windows splwow64 Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...
Pytmipe - Python Library And Client For Token Manipulations And Impersonations For Privilege Escalation On Windows
PYTMIPE (PYthon library for Token Manipulation and Impersonation for Privilege Escalation) is a Python 3 library for manipulating Windows tokens and managing impersonations in order to gain more privileges on Windows. TMIPE is the Python 3 client which uses the pytmipe library. Content A python...
June 18, 2020—KB4567523 (OS Build 19041.331)
June 18, 2020—KB4567523 (OS Build 19041.331). IMPORTANT: We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional...
i-SENSYS MF237w Information Disclosure Vulnerability
i-SENSYS MF237w is a 4-in-1 multifunction laser printer from Canon for small offices. i-SENSYS MF237w 06.07 is vulnerable to an information disclosure. The vulnerability stems from improper handling of inconsistent length parameters by the IPv4/ICMPv4 component. An attacker could exploit the...