Category Archives: Advisories

CVE-2021-0159

Read Time:9 Second

Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

Read More

CVE-2021-0188

Read Time:9 Second

Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

Read More

CVE-2021-0189

Read Time:9 Second

Use of out-of-range pointer offset in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

Read More

SEC Consult SA-20220512-0 :: Sandbox Escape with Root Access & Clear-text passwords in Konica Minolta bizhub MFP Printer Terminals

Read Time:18 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 12

SEC Consult Vulnerability Lab Security Advisory < 20220512-0 >
=======================================================================
title: Sandbox Escape with Root Access & Clear-text passwords
product: Multiple Konica Minolta bizhub MFP Printer Terminals
vulnerable version: see vulnerable / tested versions below
fixed version: see solution section below
CVE number: CVE-2022-29586,…

Read More

A Vulnerability in certain HP PC BIOS Could Allow for Local Arbitrary Code Execution

Read Time:24 Second

A vulnerability has been discovered in certain HP PC BIOS, which could allow for local arbitrary code execution. The BIOS is a firmware which is used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. Successful exploitation of this vulnerability could allow for local arbitrary code execution with kernel level privileges. An attacker could then install programs; view; change, or delete data; or create new accounts with full user rights.

Read More

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution.

Read Time:49 Second

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

Character Animator is a desktop application software product that combines real-time live motion-capture with a multi-track recording system to control layered 2D puppets drawn in Photoshop or Illustrator.
ColdFusion is a platform for building and deploying web and mobile applications..
InDesign is a layout and page design software for print and digital media.
Framemaker is a document processor designed for writing and editing large or complex documents.
InCopy is a professional word processor.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More