Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2022-42271: NVIDIA DGX A100 Server and DGX Station A100 - December 2022

NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution

CVE
Open in Source
#vulnerability#web#ios#dos#oracle#intel#bios#buffer_overflow#auth
Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit

The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with the vulnerabilities also listed as publicly known at the time of release. Separately, the Windows maker is expected to release

Intel's New Xeon Chip Pushes Confidential Computing to the Cloud

After a delay of more than a year, Intel's on-chip confidential computing feature is coming to all the major cloud providers, starting with Microsoft's Azure.

CVE-2022-38105: TALOS-2022-1590 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.

CVE-2022-38393: TALOS-2022-1592 || Cisco Talos Intelligence Group

A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2022-35401: TALOS-2022-1586 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability.

CVE-2022-38482: HOPEX Platform

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4.

CVE-2022-4700: Eleven Vulnerabilities Patched in Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.

Increasing trust, commitment, and predictability during a remote incident response

In this blog post, Cisco Talos Incident Response (Talos IR) presents some of the key benefits of remote IR support and offers a list of recommendations for working on a remote incident.

Vade Releases Advanced Threat Intel & Investigation Capabilities

New Add-On Empowers SOCs and MSPs to Automate & Orchestrate Incident Response for Microsoft 365.