Security
Headlines
HeadlinesLatestCVEs

Tag

#bios

Lateral Movement – WebClient

Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading → Lateral Movement – WebClient

Pentestlab
Open in Source
#web#ios#mac#windows#microsoft#git#ldap#samba#bios#auth
Lateral Movement – WebClient

Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading → Lateral Movement – WebClient

CVE-2021-21816: TALOS-2021-1281 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2021-21557: DSA-2021-103: Dell PowerEdge Server Security Update for BIOS Vulnerabilities

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode.

CVE-2020-8700: INTEL-SA-00463

Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2019-25045

An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.

CVE-2021-21551: DSA-2021-088: Dell Client Platform -suojauspäivitys: Dellin dbutil-ohjaimen riittämätön käytön hallinta -haavoittuvuus

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

CVE-2021-28927: Libretro – A crossplatform application API, powering the crossplatform gaming platform RetroArch

The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially a crafted file and directory names.

CVE-2020-0590: INTEL-SA-00358

Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2020-8738: INTEL-SA-00390

Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.