Ukrainian Ministry of Defense says cyber-attack wiped Russian tax system servers
Monthly Archives: December 2023
ZDI-23-1771: Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2022-26804.
ZDI-23-1772: (0Day) OpenAI ChatGPT Improper Input Validation Model Policy Bypass Vulnerability
This vulnerability allows remote attackers to bypass policy restrictions on affected versions of OpenAI ChatGPT. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5.
ZDI-23-1773: (0Day) Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-50197.
ZDI-23-1767: Microsoft Teams Isolated Webview Prototype Pollution Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Teams. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.1.
ZDI-23-1768: Microsoft Word SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
ZDI-23-1769: Microsoft Skype Cross-Site Scripting Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8.
ZDI-23-1770: Microsoft Office Visio EMF File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
xorg-x11-server-Xwayland-22.1.9-4.fc38
FEDORA-2023-77c8903bcb
Packages in this update:
xorg-x11-server-Xwayland-22.1.9-4.fc38
Update description:
Fix for CVE-2023-6377, CVE-2023-6478
xorg-x11-server-Xwayland-23.2.3-1.fc39
FEDORA-2023-93940b58fd
Packages in this update:
xorg-x11-server-Xwayland-23.2.3-1.fc39
Update description:
xwayland 23.2.3, fixes CVE-2023-6377, CVE-2023-6478