Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2023-34567: Tenda AC10 v4 was discovered stack overflow via parameter list at url /goform/SetVirtualServerCfg - HackMD

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.

CVE
Open in Source
#vulnerability#web#mac#windows#apple#auth#chrome#webkit
CVE-2023-34571: Tenda AC10 v4 was discovered stack overflow via parameter shareSpeed at url /goform/WifiGuestSet - HackMD

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.

CVE-2023-34568: Tenda AC10 v4 was discovered stack overflow via parameter time at url /goform/PowerSaveSet - HackMD

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.

RenderDoc 1.26 Local Privilege Escalation / Remote Code Execution

RenderDoc versions 1.26 and below suffer from integer underflow, integer overflow, and symlink vulnerabilities.

Red Hat Security Advisory 2023-3410-01

Red Hat Security Advisory 2023-3410-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.20.

“Picture in Picture” Technique Exploited in New Deceptive Phishing Attack

By Habiba Rashid The innovative approach, known as “picture in picture,” capitalizes on users’ trust in familiar logos and promotions, making… This is a post from HackRead.com Read the original post: “Picture in Picture” Technique Exploited in New Deceptive Phishing Attack

Update Chrome now! Google patches actively exploited zero-day

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome Tags: V8 Tags: heap corruption Tags: type confusion Tags: CVE-2023-3079 Google has released a Chrome update for a zero-day for which an exploit is actively being used in the wild. (Read more...) The post Update Chrome now! Google patches actively exploited zero-day appeared first on Malwarebytes Labs.

CVE-2023-34239: Prevent path traversal in `/file` routes by abidlabs · Pull Request #4370 · gradio-app/gradio

Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Introduction to confidential virtual machines

In this post, we will present confidential virtual machines (CVMs) as one of the use cases of confidential computing as well as the security benefits expected from this emerging technology. We will focus on the high level requirements for the Linux guest operating system to ensure data confidentiality both in use and at rest. This blog follows the recent release of Red Hat Enterprise Linux 9.2 running on Azure Confidential VMs. CVMs are also a critical building block for the upcoming OpenShift confidential containers in OpenShift 4.13 (dev-preview). For additional details on OpenShift

Confidential containers on Azure with OpenShift: setup guide

Confidential containers (CoCo) is a new feature of Red Hat OpenShift sandboxed containers that leverages Trusted Execution Environment (TEE) technology to isolate your containers from the host and other containers. In this blog post, you will learn how to set up OpenShift sandboxed containers with confidential containers support on an OpenShift cluster hosted on Azure, using AMD SEV-SNP technology. You will also see how to create and run a confidential container that can process confidential data more securely and efficiently. For more information on confidential containers running on Az