3037 matches found
CVE-2023-29532
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not...
Comparing Ether values using equality operators (== or !=) can be very hard to match each other. This will always revert
Lines of code Vulnerability details Impact Comparing Ether values using equality operators can be very hard to match each other because Ether values are stored in a 256-bit unsigned integer uint256 in Solidity. This means that there are a very large number of possible Ether values, and it is very...
New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies
Vietnamese public companies have been targeted as part of an ongoing campaign that deploys a novel backdoor called SPECTRALVIPER. "SPECTRALVIPER is a heavily obfuscated, previously undisclosed, x64 backdoor that brings PE loading and injection, file upload and download, file and directory...
CVE-2023-28386
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrar...
CVE-2022-4418
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office Windows before build 40208...
Privilege escalation
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office Windows before build 40208...
Acronis Cyber Protect data forgery vulnerability
Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Singapore. It combines backup, anti-malware, cybersecurity and endpoint management features such as vulnerability assessment, URL filtering, patch management, and more. A security vulnerabili...
PT-2023-14433 · Acronis · Acronis Cyber Protect Home Office
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Home Office Windows versions before build 40208 Description: The issue is related to local privilege escalation due to the unrestricted loading of unsigned libraries. Recommendations: For Acronis Cyber Protect Home Offic...
kernel: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
An integer overflow exists in the Linux kernel such that the value returned from acpi_find_last_cache_level is then assigned to unsigned fw_level, which will result in the number of cache leaves calculated incorrectly, resulting in damage to the confidentiality, integrity, and availability of the syst...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : protobuf-c (SUSE-SU-2023:2143-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2143-1 advisory. - protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. (CVE-2022-48468) Note th...
SUSE: Security Advisory (SUSE-SU-2023:2143-1)
The remote host is missing an update for the...
SUSE-SU-2023:2143-1 Security update for protobuf-c
This update for protobuf-c fixes the following issues: - CVE-2022-48468: Fixed an unsigned integer overflow (bsc#1210323)...
kernel: firmware: arm_scmi: Fix list protocols enumeration in the base protocol
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix list protocols enumeration in the base protocol. While enumerating protocols implemented by the SCMI platform using BASE_DISCOVER_LIST_PROTOCOLS, the number of returned protocols is currently validated in an...
Fedora 38 : libsignal-protocol-c (2023-4e094d5297)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4e094d5297 advisory. Backport a fix for CVE-2022-48468 for protobuf-c, which is bundled in libsignal-protocol-c...
Fedora 37 : libsignal-protocol-c (2023-6cfe134db6)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6cfe134db6 advisory. Backport a fix for CVE-2022-48468 for protobuf-c, which is bundled in libsignal-protocol-c...
Fedora 36 : libsignal-protocol-c (2023-8b0938312e)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8b0938312e advisory. Backport a fix for CVE-2022-48468 for protobuf-c, which is bundled in libsignal-protocol-c...