Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2023-2598: security - Linux kernel io_uring out-of-bounds access to physical memory

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.

CVE
Open in Source
#web#mac#windows#linux#git#php#auth
Microsoft gives Apple a migraine

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: macOS Tags: Ventura 13.4 Tags: Monterey 12.6.6 Tags: Big Sur 11.7.7 Tags: libxpc Tags: SIP Tags: XPC Tags: NVRAM Tags: CVE-2023-32369 Tags: Migraine Microsoft has released details about a vulnerability that can bypass macOS's System Integrity Protection (Read more...) The post Microsoft gives Apple a migraine appeared first on Malwarebytes Labs.

GHSA-f7qw-jj9c-rpq9: In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file

> **Note** > > The official templates of Lima, and the well-known third party products (Colima, Rancher Desktop, and Finch) are *unlikely* to be affected by this issue. ### Impact A virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. To exploit this issue, the attacker has to embed the target file path (an absolute or a relative path from the instance directory) in a malicious disk image, as the [qcow2 (or vmdk) backing file path string](https://gitlab.com/qemu-project/qemu/-/blob/v8.0.0/docs/interop/qcow2.txt#L23-L34). As Lima refuses to run as the root, it is practically impossible for the attacker to read the entire host disk via `/dev/rdiskN`. Also, practically, the attacker cannot read at least the first 512 bytes (MBR) of the target file. ### Patches Patched in Lima v0.16.0, by prohibiting using a backing file path in the VM base image. ### Workarounds Do not use an untrusted d...

CVE-2023-33642: H3C Magic R300-2100M was discovered stack overflow via the Edit_BasicSSID interface at /goform/aspForm - HackMD

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm.

CVE-2023-33643: H3C Magic R300-2100M was discovered stack overflow via the AddWlanMacList interface at /goform/aspForm - HackMD

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm.

CVE-2023-33638: H3C Magic R300-2100M was discovered stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm - HackMD

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm.

CVE-2023-33635: H3C Magic R300-2100M was discovered stack overflow via the UpdateMacClone interface at /goform/aspForm - HackMD

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm.

CVE-2023-33636: H3C Magic R300-2100M was discovered stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm - HackMD

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm.

CVE-2023-33634: H3C Magic R300-2100M was discovered stack overflow via the EdittriggerList interface at /goform/aspForm - HackMD

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm.

CVE-2023-33640: H3C Magic R300-2100M was discovered stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm - HackMD

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm.