Month: October 2022
Vulnerabilities in Apache Batik Default Security Controls – SSRF and RCE Through Remote Class Loading
Introduction I stumbled upon the Apache Batik library while researching other Java-based products. It immediately caught my attention, as this library parses Scalable Vector Graphics (SVG) files and transforms them into different raster graphics formats (i.e., PNG, PDF, or JPEG). I was even more encouraged when I looked at the Batik documentation. It was obvious …
GeForce RTX 40 Series Receives Massive Creator App Benefits This Week ‘In the NVIDIA Studio’
Editor’s note: This post is part of our weekly In the NVIDIA Studio series, which celebrates featured artists, offers creative tips and tricks, and demonstrates how NVIDIA Studio technology improves creative workflows. We’re also deep diving on new GeForce RTX 40 Series GPU features, technologies and resources, and how they dramatically accelerate content creation. Artists …
Think Fast: Lotus Eletre Tops Charts in Driving and AI Compute Speeds, Powered by NVIDIA DRIVE Orin
One of the biggest names in racing is going even bigger. Performance automaker Lotus launched its first SUV, the Eletre, earlier this week. The fully electric vehicle sacrifices little in terms of speed and outperforms when it comes to technology. It features an immersive digital cockpit, lengthy battery range of up to 370 miles and …
ZDI-22-1489: Delta Industrial Automation InfraSuite Device Master WriteConfiguration Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability.
ZDI-22-1488: Delta Industrial Automation InfraSuite Device Master APRunning Missing Authentication Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability.
ZDI-22-1487: Delta Industrial Automation InfraSuite Device Master DeSerializeBinary Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation InfraSuite Device Master Device-Monitor. User interaction is required to exploit this vulnerability in that the target client must connect to a malicious server.
ZDI-22-1486: Delta Industrial Automation InfraSuite Device Master ModifyPrivByID Missing Authentication Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges or create a denial-of-service condition on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to create a denial-of-service condition. Authentication is required to achieve privilege escalation.
CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code Injection
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched code injection vulnerability in the Sophos Firewall. The bug is due to improper validation of JSON keys submitted in the “JSON” parameter sent to the Controller endpoint. Successful …
CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code InjectionRead More
The October 2022 Security Update Review
Another Patch Tuesday is here, and Adobe and Microsoft have released their latest crop of new security updates and fixes. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings. Adobe Patches for October 2022 For October, Adobe released four patches addressing 29 vulnerabilities …
MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary Ninja
Disclosure of uninitialized memory is one of the common problems faced when copying data across trust boundaries. This can happen between the hypervisor and guest OS, kernel and user space, or across the network. The most common bug pattern noticed among these cases is where a structure or union is allocated in memory, and some …
MindShaRE: Analyzing BSD Kernels for Uninitialized Memory Disclosures using Binary NinjaRead More
NEWS
-
ZDI-23-1494: Apple Safari TypedArray copyWithin Integer Underflow Remote Code Execution Vulnerability
September 30, 2023This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. -
ZDI-23-1493: G Data Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability
September 30, 2023This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. -
ZDI-23-1492: Linux Kernel XFRM Out-Of-Bounds Read Information Disclosure Vulnerability
September 30, 2023This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.