ZDI-23-1103: Schneider Electric IGSS UpdateService Exposed Dangerous Method Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric IGSS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

USN-6286-1: Intel Microcode vulnerabilities

Daniel Moghimi discovered that some Intel(R) Processors did not properly clear
microarchitectural state after speculative execution of various instructions. A
local unprivileged user could use this to obtain sensitive
information. (CVE-2022-40982)

It was discovered that some Intel(R) Xeon(R) Processors did not properly
restrict error injection for Intel(R) SGX or Intel(R) TDX. A local privileged
user could use this to further escalate their privileges. (CVE-2022-41804)

It was discovered that some 3rd Generation Intel(R) Xeon(R) Scalable processors
did not properly restrict access in some situations. A local privileged attacker
could use this to obtain sensitive information. (CVE-2023-23908)

CVE-2021-46895

Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop.

Friday Squid Blogging: NIWA Annual Squid Survey

Results from the National Institute of Water and Atmospheric Research Limited annual squid survey:

This year, the team unearthed spectacular large hooked squids, weighing about 15kg and sitting at 2m long, a Taningia—which has the largest known light organs in the animal kingdom—and a few species that remain very rare in collections worldwide, such as the “scaled” squid Lepidoteuthis and the Batoteuthis skolops.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Qualys mis-uses ssh, fails to scan and protect, facilitates internal attack

Posted by Paul Szabo via Fulldisclosure on Aug 11

=== Introduction ===================================================

My institution uses Qualys

www.qualys.com

to scan for vulnerabilities, including on some Debian Linux machines
that I manage. The scanner does some network scans, and also logs in
to each machine to do “authenticated scans”.

=== Discovery ======================================================

When I recently updated my machines from Debian11 to Debian12, the…

St. Poelten UAS | Multiple XSS in Advantech EKI 15XX Series

Posted by Weber Thomas via Fulldisclosure on Aug 11

St. Pölten UAS
-------------------------------------------------------------------------------
title| Multiple XSS in Advantech
product| Advantech EKI-1524-CE series, EKI-1522 series,
| EKI-1521 series
vulnerable version| <=1.21 (CVE-2023-4202), <=1.24 (CVE-2023-4203)
fixed version| 1.26
CVE number| CVE-2023-4202, CVE-2023-4203
impact| Medium…