ZDI-23-842: VMware Aria Operations for Networks exportPDF Code Injection Information Disclosure Vulnerability

June 8, 2023

Read Time:8 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware Aria Operations for Networks. Authentication is required to exploit this vulnerability.

Advisories

ZDI-23-843: (Pwn2Own) Samsung Galaxy S22 McsWebViewActivity Permissive List of Allowed Inputs Remote Code Execution Vulnerability

June 8, 2023

Read Time:12 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S22 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-23-844: Apple macOS Hydra USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

June 8, 2023

Read Time:11 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

Advisories

ZDI-23-845: (Pwn2Own) Apple macOS /dev/fd Race Condition Local Privilege Escalation Vulnerability

June 8, 2023

Read Time:11 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Advisories

ZDI-23-846: (Pwn2Own) Western Digital MyCloud PR4100 Information Disclosure Vulnerability

June 8, 2023

Read Time:8 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-23-847: (Pwn2Own) Western Digital MyCloud PR4100 Authentication Bypass Vulnerability

June 8, 2023

Read Time:8 Second

This vulnerability allows remote attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100 NAS devices. Some user interaction is required to exploit this vulnerability.

Advisories

ZDI-23-848: (Pwn2Own) Western Digital MyCloud PR4100 restsdk Directory Traversal Arbitrary File Read and Write Vulnerability

June 8, 2023

Read Time:11 Second

This vulnerability allows remote attackers to create and read arbitrary files on affected installations of Western Digital MyCloud PR4100 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

Advisories

ZDI-23-849: (Pwn2Own) Western Digital MyCloud PR4100 do_reboot Command Injection Remote Code Execution Vulnerability

June 8, 2023

Read Time:10 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

Advisories

ZDI-23-850: (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability

June 8, 2023

Read Time:9 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-23-851: (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Service Vulnerability

June 8, 2023

Read Time:9 Second

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability.

Cyber Security News

Monthly Archives: June 2023

ZDI-23-842: VMware Aria Operations for Networks exportPDF Code Injection Information Disclosure Vulnerability

ZDI-23-843: (Pwn2Own) Samsung Galaxy S22 McsWebViewActivity Permissive List of Allowed Inputs Remote Code Execution Vulnerability

ZDI-23-844: Apple macOS Hydra USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-23-845: (Pwn2Own) Apple macOS /dev/fd Race Condition Local Privilege Escalation Vulnerability

ZDI-23-846: (Pwn2Own) Western Digital MyCloud PR4100 Information Disclosure Vulnerability

ZDI-23-847: (Pwn2Own) Western Digital MyCloud PR4100 Authentication Bypass Vulnerability

ZDI-23-848: (Pwn2Own) Western Digital MyCloud PR4100 restsdk Directory Traversal Arbitrary File Read and Write Vulnerability

ZDI-23-849: (Pwn2Own) Western Digital MyCloud PR4100 do_reboot Command Injection Remote Code Execution Vulnerability

ZDI-23-850: (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability

ZDI-23-851: (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Service Vulnerability

News, Advisories and much more