Monthly Archives: December 2024

Advisories

ZDI-24-1641: Intel Computing Improvement Program PyInstaller Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Intel Computing Improvement Program. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-49797.

Read More

Advisories

USN-7135-1: HAProxy vulnerability

Read Time:12 Second

Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg,
and Harvey Tuch discovered that HAProxy incorrectly handled empty header
names. A remote attacker could possibly use this issue to manipulate
headers and bypass certain authentication checks and restrictions.

Read More

Advisories

Access Control in Paxton Net2 software

Read Time:15 Second

Posted by Jeroen Hermans via Fulldisclosure on Dec 02

CloudAware Security Advisory

[CVE pending]: Potential PII leak and incorrect access control in Paxton
Net2 software

========================================================================
Summary
========================================================================
Insecure backend database in the Paxton Net2 software. Possible leaking
of PII incorrect access control.
No physical access to computer running Paxton Net2 is required….

Read More

Advisories

USN-7134-1: Firefox vulnerabilities

Read Time:22 Second

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-11692,
CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697,
CVE-2024-11699, CVE-2024-11701, CVE-2024-11704, CVE-2024-11705,
CVE-2024-11706, CVE-2024-11708)

Read More