QSC 2022: Qualys’ Threat Research Unit (TRU) – Our Shield Is Your Shield

Day two of QSC profiled the special launch of the Qualys Threat Research Unit, TRU. Taking the audience through a madcap tour of what the threat research unit is doing to provide intelligence and actionable insights into its census was Travis Smith, VP of Qualys Threat Research Unit. He dove deep...

PT-2022-24200 · Intel · Intel Nuc 11 Compute Element

Name of the Vulnerable Software and Affected Versions: IntelR NUC 11 Compute Elements versions prior to EBTGL357.0065 Description: The issue is related to improper input validation in the BIOS firmware, which may allow a privileged user to potentially enable escalation of privilege via local...

SAMSUNG Mobile devices 缓冲区错误漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from South Korea's Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Nov-2022 Release 1, which stems from an input validation vulnerability in the processing of the SIB...

CVE-2022-32603

In gpu drm, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310704; Issue ID: ALPS07310704...

kernel: KVM: x86/mmu: make apf token non-zero to fix bug

A hang vulnerability is possible in the Linux kernel in arch/x86/kvm/mmu/mmu.c. This issue may lead to compromised availability...

kernel: KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Zap all roots when unmapping gfn range in TDP MMU Zap both valid and invalid roots when zapping/unmapping a gfn range, as KVM must ensure it holds no references to the freed page after returning from the unmap...

ARM Midgard GPU Kernel Driver 安全漏洞

ARM Midgard GPU Kernel Driver is a Mali GPU device driver from ARM UK. A security vulnerability exists in the ARM Midgard GPU Kernel Driver versions r4p0 through r31p0, the Bifrost GPU Kernel Driver versions r0p0 through r38p1, r39p0, and the Valhall GPU Kernel Driver versions r19p0 through r38p1...

MediaTek 芯片安全漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in MediaTek vcu, which stems from a memory reuse after release issue...

hw: cpu: AMD: Branch Type Confusion (non-retbleed)

A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure...

hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)

A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to enable information disclosure via local access...

UNISOC chipset 安全漏洞

UNISOC chipset is an integrated circuit chipset from China's Unisoc Corporation. A security vulnerability exists in UNISOC chipset due to a lack of privilege checking in unit services, which can be exploited by an attacker to cause a local denial of service in the kernel...

Cisco Touch 10 Authentication Error Vulnerability

Cisco Touch 10 is a video conferencing system control unit from Cisco. It is designed for intuitive touch-based interaction with Webex Room Kit Series, Webex Rome Series, and Panorama Series systems, providing instant access to meetings, contacts, directories, and content. An authentication error...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Oct-2022 Release 1 version, which stems from improper protection in the IOMMU...

Security Bulletin: IBM InfoSphere Guardium Database Activity Monitoring is affected by vulnerabilities in OpenSSL (CVE-2014-0076, CVE-2014-0160)

Abstract Security vulnerabilities have been discovered in OpenSSL that affect a 3rd party Component used by IBM InfoSphere Guardium. Content VULNERABILITY DETAILS: CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the...

London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches

The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking," the agency said, adding "he...

SWFTools 缓冲区错误漏洞

SWFTools is a set of utilities for working with Adobe Flash files SWF files from the individual developer Matthias Kramm. A security vulnerability exists in SWFTools that stems from a global buffer overflow in the DCTStream::transformDataUnit location of /xpdf/Stream.cc...

The vulnerability in the web interface of the commutable managed distribution power supply PDU (iBoot-PDU), which allows a hacker to inject operating system commands.

The vulnerability of the iBoot-PDU web interface of a commutable managed distribution power block is related to the possibility of commands being injected. Exploiting this vulnerability could allow an attacker to inject operating system commands remotely...

The vulnerability in the web interface of the commutable managed distribution power supply PDU (iBoot-PDU), which allows a attacker to write a file to the root web directory.

The vulnerability in the web interface of the commutable managed distribution power unit PDU iBoot-PDU is related to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to write a file to the root web catalog...

PT-2022-20957 · Dataprobe · Dataprobe Iboot Pdu

Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 Description: The affected product exposes sensitive data concerning the device. Recommendations: For versions prior to 1.42.06162022, update to version 1.42.06162022 or later to resolve t...

Intel NUC M15 缓冲区错误漏洞

Intel NUC M15 is a laptop kit from Intel Corporation USA. A security vulnerability exists in previous versions of the Intel NUC M15 Laptop Kit BC0076, which stems from an elevation of privilege, executing arbitrary code in System Management Mode, and running arbitrary code in SMM will also bypass...