Year: 2023
ZDI-23-1806: X.Org Server Window Object Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.4. The following CVEs are assigned: CVE-2023-5380.
NVIDIA to Reveal New AI Innovations at CES 2024
In the lead-up to next month’s CES trade show in Las Vegas, NVIDIA will unveil its latest advancements in artificial intelligence — including generative AI — and a spectrum of other cutting-edge technologies. Scheduled for Monday, Jan. 8, at 8 a.m. PT, the company’s special address will be publicly streamed. Save the date and plan …
DLSS 3.5 Integration in D5 Render Marks New Era of Real-Time Rendering
Editor’s note: This post is part of our weekly In the NVIDIA Studio series, which celebrates featured artists, offers creative tips and tricks, and demonstrates how NVIDIA Studio technology improves creative workflows. NVIDIA DLSS 3.5 for realistic ray-traced visuals is now available on D5 Render, a real-time 3D creation software. The integration features DLSS Super …
DLSS 3.5 Integration in D5 Render Marks New Era of Real-Time RenderingRead More
ZDI-23-1799: Ivanti Avalanche Incorrect Default Permissions Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-41726.
ZDI-23-1798: PaperCut NG Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2023-6006.
ZDI-23-1797: Schneider Electric C-Bus Toolkit TransferCommand Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2023-5402.
ZDI-23-1796: Schneider Electric C-Bus Toolkit FileCommand Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric C-Bus Toolkit. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2023-5399.
ZDI-23-1791: Microsoft Excel SKP File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-33146.
ZDI-23-1790: Microsoft Excel SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-33146.
ZDI-23-1789: Microsoft Excel SKP File Parsing Uninitialized Variable Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2023-33146.
NEWS
-
ZDI-24-295: Autodesk FBX Review ABC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
March 28, 2024This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI... -
ZDI-24-296: Autodesk DWG TrueView DWG File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
March 28, 2024This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk DWG TrueView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI... -
NVIDIA Hopper Leaps Ahead in Generative AI at MLPerf
March 28, 2024It’s official: NVIDIA delivered the world’s fastest platform in industry-standard tests for inference on generative AI. In the latest MLPerf benchmarks, NVIDIA TensorRT-LLM — software that speeds and simplifies the complex job of inference on large language models — boosted...