Ricoh Company, Ltd. Security Vulnerabilities

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CNVD-2024-17975)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge (Chromium-based) suffers from an information disclosure vulnerability that can be exploited by attackers to escape the browser sandbox and obtain sensitive...

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CNVD-2024-17976)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A remote code execution vulnerability exists in Microsoft Edge (Chromium-based), which can be exploited by an attacker to execute arbitrary code on a...

Thousands of Social Security Numbers Stolen in New York Data Breach

Thousands of Social Security numbers have been stolen from the computers of a New York state agency. The Social Security Administration in New York City reports that a subcontractor, who was working for the Office of Temporary Disability Assistance on computer infrastructure upgrades, illegally...

Buffer Overflow Vulnerability in Various Apple Products

Apple macOS Ventura is a desktop operating system from the American company Apple. A buffer overflow vulnerability exists in various Apple products that stems from incorrect validation of input. An attacker could exploit the vulnerability to execute arbitrary code with kernel...

JVN#51770585: EC-CUBE vulnerable to authorization bypass

EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability (CWE-639). ## Impact A user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. ## Solution Apply the...

Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign

As many as 165 customers of Snowflake are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google-owned Mandiant, which is assisting the.....

Cisco Talos at RSAC 2024

With RSAC just a week away, Cisco Talos is gearing up for another year of heading to San Francisco to share in some of the latest major cybersecurity announcements, research and news. We've pulled together the highlights, so you don't miss out on all things Talos. **Tuesday, May 7 ** Joe...

Hacker Poses as Graduate, Hacks Student Emails, Faces Legal Consequences

A hacker who posed as a university graduate to access the emails of hundreds of students has been given a suspended prison sentence and ordered to pay more than £20,000 in costs and compensation. Daniel Woo, a 23-year-old Bulgarian national, was sentenced for offenses under the Misuse of Computers....

Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability - Patch ASAP!

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that...

Meta Pauses AI Training on EU User Data Amid Privacy Concerns

Meta on Friday said it's delaying its efforts to train the company's large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC). The company expressed disappointment at.....

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A security feature bypass vulnerability exists in Microsoft Edge (Chromium-based), which can be exploited by an attacker to add malicious scripts to obtain sensitive information from the...

CVE-2023-33059

Memory corruption in Audio while processing the VOC packet data from...

CVE-2023-33074

Memory corruption in Audio when SSR event is triggered after music playback is...

CVE-2023-33055

Memory Corruption in Audio while invoking callback function in driver from...

CVE-2023-33056

Transient DOS in WLAN Firmware when firmware receives beacon including T2LM...

CVE-2023-33035

Memory corruption while invoking callback function of AFE from...

CVE-2023-33028

Memory corruption in WLAN Firmware while doing a memory copy of pmk...

CVE-2023-33027

Transient DOS in WLAN Firmware while parsing rsn...

CVE-2023-33020

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA...

CVE-2023-33021

Memory corruption in Graphics while processing user packets for command...

CVE-2023-28584

Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement...

CVE-2023-33015

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon...

CVE-2023-28576

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to...

CVE-2023-28572

Memory corruption in WLAN HOST while processing the WLAN scan descriptor...

CVE-2023-28570

Memory corruption while processing audio...

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI...

CVE-2023-28556

Cryptographic issue in HLOS during key...

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app...

CVE-2023-28543

A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. from a remote...

CVE-2023-28542

Memory Corruption in WLAN HOST while fetching TX status...

CVE-2023-24855

Memory corruption in Modem while processing security related configuration before AS Security...

CVE-2023-24850

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted...

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask...

CVE-2023-22666

Memory Corruption in Audio while playing amrwbplus clips with modified...

CVE-2023-22667

Memory Corruption in Audio while allocating the ion buffer during the music...

CVE-2023-22386

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate...

CVE-2023-22384

Memory Corruption in VR Service while sending data using Fast Message Queue...

CVE-2023-21664

Memory Corruption in Core Platform while printing the response buffer in...

CVE-2023-21654

Memory corruption in Audio during playback session with audio effects...

CVE-2023-21655

Memory corruption in Audio while validating and mapping...

CVE-2023-21656

Memory corruption in WLAN HOST while receiving an WMI event from...

CVE-2023-21656

Memory corruption in WLAN HOST while receiving an WMI event from...

CVE-2023-21646

Transient DOS in Modem while processing invalid System Information Block...

CVE-2023-21648

Memory corruption in RIL while trying to send apdu...

CVE-2023-21632

Memory corruption in Automotive GPU while querying a gsl memory...

CVE-2023-21628

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1...

CVE-2023-21627

Memory corruption in Trusted Execution Environment while calling service API with invalid...

CVE-2022-40538

Transient DOS due to reachable assertion in modem while processing sib with incorrect values from...

CVE-2022-40536

Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from...

CVE-2022-40531

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID...