CVE-2021-0159
Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via...
CVE-2021-0188
Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation...
CVE-2021-0189
Use of out-of-range pointer offset in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via...
SEC Consult SA-20220512-0 :: Sandbox Escape with Root Access & Clear-text passwords in Konica Minolta bizhub MFP Printer Terminals
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 12 SEC Consult Vulnerability Lab Security Advisory < 20220512-0 > ======================================================================= title: Sandbox Escape...
Re: Defense in depth — the Microsoft way (part 80): 25 (in words: TWENTY-FIVE) year old TRIVIAL bug crashes CMD.exe
Posted by Tavis Ormandy on May 12 They're explaining that you need privileges to attack *other* users. I don't think anyone is disputing you can...
USN-5420-1: Vorbis vulnerabilities
It was discovered that Vorbis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute...
USN-5419-1: Rsyslog vulnerabilities
It was discovered that Rsyslog improperly handled certain invalid input. An attacker could use this issue to cause Rsyslog to crash. Read More
A Vulnerability in certain HP PC BIOS Could Allow for Local Arbitrary Code Execution
A vulnerability has been discovered in certain HP PC BIOS, which could allow for local arbitrary code execution. The BIOS is a firmware which is...
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution.
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Character Animator is a desktop application...
ZDI-22-774: Foxit PDF Reader deletePages Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in...