Channel: CERT Recently Published Vulnerability Notes
Browsing latest articles
Browse All 113 View Live

VU#127587: Python Parsing Error Enabling Bypass CVE-2023-24329

Overview: urllib.parse is a very basic and widely used URL parsing function in various applications. Description: An issue in the urllib.parse component of Python before v3.11 allows attackers to...

VU#287122: Parsec Remote Desktop App is prone to a local elevation of...

Overview: Parsec updater for Windows was prone to a local privilege escalation vulnerability; this vulnerability allowed a local user with Parsec access to gain NT_AUTHORITY/SYSTEM...

VU#757109: Groupnotes Inc. Videostream Mac client allows for privilege...

Overview: Groupnotes Inc. Videostream Mac client installs a LaunchDaemon that runs with root privileges. The daemon is vulnerable to a race condition that allows for arbitrary file writes. A low...

VU#304455: Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router

Overview: An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda. This vulnerability allows a remote, unauthenticated user to access sensitive...

VU#347067: Multiple BGP implementations are vulnerable to improperly...

Overview: Multiple BGP implementations have been identified as vulnerable to specially crafted Path Attributes of a BGP UPDATE. Instead of ignoring invalid updates they reset the underlying TCP...

VU#811862: Image files in UEFI can be abused to modify boot behavior

Overview: Implementations of Unified Extensible Firmware Interface (UEFI) by vendors provide a way to customize the logo image displayed during the early boot phase. Binarly has uncovered vulnerabilities in...

VU#132380: Vulnerabilities in EDK2 NetworkPkg IP stack implementation.

Overview: Multiple vulnerabilities were discovered in the TCP/IP stack (NetworkPkg) of Tianocore EDKII, an open source implementation of Unified Extensible Firmware Interface (UEFI). Researchers at...

VU#302671: SMTP end-of-data uncertainty can be abused to spoof emails and...

Overview: A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences (essentially the end of a single email message) in mail messages. An attacker can use...

VU#446598: GPU kernel implementations susceptible to memory leak

Overview: General-purpose graphics processing unit (GPGPU) platforms from AMD, Apple, and Qualcomm fail to adequately isolate process memory, thereby enabling a local attacker to read memory from other...

VU#949046: Sciener firmware locks and associated devices are vulnerable to...

Overview: Sciener is a company that develops software and hardware for electronic locks that are marketed under many different brands. Their hardware works in tandem with an app, called the TTLock app,...

VU#488902: CPU hardware utilizing speculative execution may be vulnerable to...

Overview: A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that...

VU#417980: Implementations of UDP-based application protocols are vulnerable...

Overview: A novel traffic-loop vulnerability has been identified against certain implementations of UDP-based application protocols. An unauthenticated attacker can use maliciously-crafted packets...

VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks

Overview: HTTP allows messages to include named fields in both header and trailer sections. These header and trailer fields are serialised as field blocks in HTTP/2, so that they can be transmitted in...

VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks

Overview: A new cross-privilege Spectre v2 vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are...

VU#123335: Multiple programming languages fail to escape arguments properly...

Overview: Various programming languages lack proper validation mechanisms for commands and in some cases also fail to escape arguments correctly when invoking commands within a Microsoft Windows...
