Tag: system privileges
-
Bulletins: Vulnerability Summary for the Week of August 25, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-245 Source: Bulletins Title: Vulnerability Summary for the Week of August 25, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000projects–Online Project Report Submission and Evaluation System A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown…
-
Cisco Talos Blog: ReVault! When your SoC turns against you… deep dive edition
Source URL: https://blog.talosintelligence.com/revault-when-your-soc-turns-against-you-2/ Source: Cisco Talos Blog Title: ReVault! When your SoC turns against you… deep dive edition Feedly Summary: Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. AI Summary and Description: Yes **Summary:** The text conducts an in-depth analysis…
-
Bulletins: Vulnerability Summary for the Week of June 23, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-181 Source: Bulletins Title: Vulnerability Summary for the Week of June 23, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 70mai–M300 A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet…
-
Bulletins: Vulnerability Summary for the Week of March 10, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-076 Source: Bulletins Title: Vulnerability Summary for the Week of March 10, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged…
-
Unit 42: Multiple Vulnerabilities Discovered in a SCADA System
Source URL: https://unit42.paloaltonetworks.com/vulnerabilities-in-iconics-software-suite/ Source: Unit 42 Title: Multiple Vulnerabilities Discovered in a SCADA System Feedly Summary: We identified multiple vulnerabilities in ICONICS Suite, SCADA software used in numerous OT applications. This article offers a technical analysis of our findings. The post Multiple Vulnerabilities Discovered in a SCADA System appeared first on Unit 42. AI Summary…
-
Cloud Blog: CVE-2023-6080: A Case Study on Third-Party Installer Abuse
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/cve-2023-6080-third-party-installer-abuse/ Source: Cloud Blog Title: CVE-2023-6080: A Case Study on Third-Party Installer Abuse Feedly Summary: Written By: Jacob Paullus, Daniel McNamara, Jake Rawlins, Steven Karschnia Executive Summary Mandiant exploited flaws in the Microsoft Software Installer (MSI) repair action of Lakeside Software’s SysTrack installer to obtain arbitrary code execution. An attacker with low-privilege access…
-
Bulletins: Vulnerability Summary for the Week of January 20, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-026 Source: Bulletins Title: Vulnerability Summary for the Week of January 20, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info aEnrich Technology–a+HRD The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database…
-
Bulletins: Vulnerability Summary for the Week of December 2, 2024
Source URL: https://www.cisa.gov/news-events/bulletins/sb24-344 Source: Bulletins Title: Vulnerability Summary for the Week of December 2, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description8 Published CVSS Score Source Info SailPoint Technologies–IdentityIQ IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2…
-
The Register: Don’t want your Kubernetes Windows nodes hijacked? Patch this hole now
Source URL: https://www.theregister.com/2025/01/24/kubernetes_windows_nodes_bug/ Source: The Register Title: Don’t want your Kubernetes Windows nodes hijacked? Patch this hole now Feedly Summary: SYSTEM-level command injection via API parameter *chef’s kiss* A now-fixed command-injection bug in Kubernetes can be exploited by a remote attacker to gain code execution with SYSTEM privileges on all Windows endpoints in a cluster,…
-
The Register: Microsoft fixes under-attack privilege-escalation holes in Hyper-V
Source URL: https://www.theregister.com/2025/01/15/patch_tuesday_january_2025/ Source: The Register Title: Microsoft fixes under-attack privilege-escalation holes in Hyper-V Feedly Summary: Plus: Excel hell, angst for Adobe fans, and life’s too Snort for Cisco Patch Tuesday The first Patch Tuesday of 2025 has seen Microsoft address three under-attack privilege-escalation flaws in its Hyper-V hypervisor, plus plenty more problems that deserve…