Security
Headlines
HeadlinesLatestCVEs

Tag

#bios

CVE-2023-34251: Server Side Template Injection (SSTI)

Grav is a file-based Web platform. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this issue.

CVE
Open in Source
#sql#web#ios#mac#windows#apple#git#java#php#rce#bios#auth#ssh#postgres
CVE-2022-31642: HP PC BIOS August 2022 Security Updates for Potential SMM and TOCTOU Vulnerabilities

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

CVE-2022-31635: HP PC BIOS November 2022 Security Updates for Potential TOCTOU Vulnerabilities

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

CVE-2023-31439: Releases · systemd/systemd

An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications.

CVE-2023-31195: RT-AX3000|WiFi Routers|ASUS Global

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. When an attacker is in a position to be able to mount a man-in-the-middle attack, and a user is tricked to log into the affected device through an unencrypted ('http') connection, the user's session may be hijacked.

CVE-2022-27541: HP PC BIOS February 2023 Security Update (TOCTOU)

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

Introduction to confidential virtual machines

In this post, we will present confidential virtual machines (CVMs) as one of the use cases of confidential computing as well as the security benefits expected from this emerging technology. We will focus on the high level requirements for the Linux guest operating system to ensure data confidentiality both in use and at rest. This blog follows the recent release of Red Hat Enterprise Linux 9.2 running on Azure Confidential VMs. CVMs are also a critical building block for the upcoming OpenShift confidential containers in OpenShift 4.13 (dev-preview). For additional details on OpenShift

A DIY Guide To Become An Alone Long Time Bughunter For Ordinary People

Whitepaper called Bughunter's Life-Style: A DIY guide to become an alone long time bughunter for ordinary people. Written in Spanish.

CVE-2023-33684: Zero Science Lab » Screen SFT DAB 600/C Authentication Bypass Account Creation Exploit

Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol.

CVE-2022-48188: Multi-vendor BIOS Security Vulnerabilities (May 2023) - Lenovo Support US

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.