Month: March 2023
ZDI-23-378: Microsoft Windows IKEEXT Service Vendor ID Null Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability.
ZDI-23-377: TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not required to exploit this vulnerability.
ZDI-23-376: Microsoft Excel SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-375: Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Pwn2Own Vancouver 2023 – Day Three Results
That’s a wrap for Pwn2Own Vancouver! Contestants disclosed 27 unique zero-days and won a combined $1,035,000 (and a car)! Congratulations to the Masters of Pwn, Synacktiv (@Synacktiv), for their huge success and hard work! They earned 53 points, $530,000, and a Tesla Model 3. Team Synacktiv: Eloi Benoist-Vanderbeken, David Berard, Vincent Dehors, Tanguy Dubroca, Thomas …
Pwn2Own Vancouver 2023 – Day Two Results
Welcome to Day 2 of Pwn2Own Vancouver 2023! We’ll be updating this blog in real time as results become available. We’re excited to say that all unique winning entries will receive the full payout during this year’s contest. We’ll update this blog throughout the day with results as they come in. SUCCESS / COLLISION – …
Pwn2Own Vancouver 2023 – Day One Results
Welcome to Pwn2Own Vancouver 2023! We’ll be updating this blog in real time as results become available. We have eight attempts for today, including a SharePoint RCE and a Tesla exploit. We’re excited to say that all unique winning entries will receive the full payout during this year’s contest. We’ll update this blog throughout the …
April Showers Bring 23 New GeForce NOW Games Including ‘Have a Nice Death’
It’s another rewarding GFN Thursday, with 23 new games for April on top of 11 joining the cloud this week and a new Marvel’s Midnight Suns reward now available first for GeForce NOW Premium members. There are dozens of us…dozens! Newark, N.J., is next to complete its upgrade to RTX 4080 SuperPODs, making it the …
Blender Update 3.5 Fuels 3D Content Creation, Powered by NVIDIA GeForce RTX GPUs
Editor’s note: This post is part of our weekly In the NVIDIA Studio series, which celebrates featured artists, offers creative tips and tricks, and demonstrates how NVIDIA Studio technology improves creative workflows. We’re also deep diving on new GeForce RTX 40 Series GPU features, technologies and resources, and how they dramatically accelerate content creation. It’s …
ZDI-23-341: Schneider Electric IGSS openReport Improper Input Validation Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
NEWS
ZDI-24-353: Softing edgeConnector Siemens Cleartext Transmission of Credentials Authentication Bypass Vulnerability
March 29, 2024
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.0. The following CVEs are assigned: CVE-2024-0860.
ZDI-24-354: Schneider Electric EcoStruxure Power Design – Ecodial BinSerializer Deserialization of Untrusted Data Remote Code Execution Vulnerability
March 29, 2024
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Design - Ecodial. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
ZDI-24-355: Wireshark NetScreen File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
March 29, 2024
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Wireshark. User interaction is required to exploit this vulnerability in that the target must open a specially crafted packet capture file. The ZDI has assigned a CVSS...