ZDI-23-1103: Schneider Electric IGSS UpdateService Exposed Dangerous Method Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric IGSS. An attacker must first obtain the ability to execute low-privileged...
ZDI-23-1104: Fortinet FortiClient VPN Improper Access Control Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiClient VPN. Authentication is required to exploit this vulnerability.
ZDI-23-1105: CODESYS Development System Improper Enforcement of Message Integrity Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CODESYS Development System. Authentication is not required to exploit this vulnerability.
USN-6286-1: Intel Microcode vulnerabilities
Daniel Moghimi discovered that some Intel(R) Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use...
DSA-5477 samba – security update
Several vulnerabilities have been discovered in Samba, which could result in information disclosure, denial of service or insufficient enforcement of security-relevant config directives.
CVE-2021-46895
Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass...
DSA-5476 gst-plugins-ugly1.0 – security update
Multiple vulnerabilities were discovered in the RealMedia demuxers for the GStreamer media framework, which may result in denial of service or potentially the execution of...
Friday Squid Blogging: NIWA Annual Squid Survey
Results from the National Institute of Water and Atmospheric Research Limited annual squid survey: This year, the team unearthed spectacular large hooked squids, weighing about...
Qualys mis-uses ssh, fails to scan and protect, facilitates internal attack
Posted by Paul Szabo via Fulldisclosure on Aug 11. Introduction: My institution uses Qualys www.qualys.com to scan for vulnerabilities, including on some Debian...
St. Poelten UAS | Multiple XSS in Advantech EKI 15XX Series
Posted by Weber Thomas via Fulldisclosure on Aug 11. St. Pölten UAS. title| Multiple XSS in Advantech product| Advantech EKI-1524-CE series, EKI-1522 series, |...