Security
Headlines
HeadlinesLatestCVEs

Tag

#dell

Chinese Smishing Triad Gang Hits US Users in Extensive Cybercrime Attack

By Deeba Ahmed Smishing Triad Impersonating Leading Mail/Delivery Services in New Attack This is a post from HackRead.com Read the original post: Chinese Smishing Triad Gang Hits US Users in Extensive Cybercrime Attack

HackRead
Open in Source
#sql#vulnerability#web#mac#apple#git#intel#auth#dell
CVE-2023-32457: DSA-2023-277: Security Update for Dell PowerScale OneFS for Improper Privilege Management Vulnerability

Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote attacker with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.

Security News This Week: US Energy Firm Targeted With Malicious QR Codes in Mass Phishing Attack

New research reveals the strategies hackers use to hide their malware distribution system, and companies are rushing to release mitigations for the “Downfall” processor vulnerability on Intel chips.

CVE-2023-28075: DSA-2023-152: Security Update for a Dell Client BIOS Vulnerability

Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.

CVE-2023-32453: DSA-2023-190: Security Update for a Dell Client BIOS Vulnerability

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.

CVE-2023-39250: DSA-2023-282: Security Update for Dell Storage Integration Tools for VMware (DSITV) Vulnerabilities

Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks.

CVE-2023-32494: DSA-2023-269: Security Update for Dell PowerScale OneFS for Multiple Security Vulnerabilities

Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also.

CVE-2023-39659: Prompt injection which leads to arbitrary code execution · Issue #7700 · langchain-ai/langchain

An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.

CVE-2023-33242: Lindell17 Abort Vulnerability [CVE-2023-33242]: Technical Report - Fireblocks

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.

Microsoft Releases Patches for 74 New Vulnerabilities in August Update

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System