Tag
#linux
An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.
Categories: News Categories: Ransomware Tags: MSI Tags: Intel Tags: Boot Guard Tags: firmware updates Tags: Money Message The leaked data after the ransomware attack on MSI includes private keys which could be used to bypass Intel Boot Guard (Read more...) The post Ransomware attack on MSI led to compromised Intel Boot Guard private keys appeared first on Malwarebytes Labs.
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
Rollout::UI version 0.5 suffers from a cross site scripting vulnerability.
Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save.
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file.
Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.
File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943.
LockBit maintained its position as the top ransomware attacker and was also observed expanding into the Mac space. (Read more...) The post Ransomware review: May 2023 appeared first on Malwarebytes Labs.