Security
Headlines
HeadlinesLatestCVEs

Tag

#dell

Cybercriminals Exploit CAN Injection Hack to Steal Cars

By Waqas If it is connected, it is vulnerable; in this case, a Toyota RAV4 model was stolen within two minutes. This is a post from HackRead.com Read the original post: Cybercriminals Exploit CAN Injection Hack to Steal Cars

HackRead
Open in Source
#vulnerability#dell
CVE-2023-27806: H3C Magic R100 was discovered stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm - HackMD

H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Cybercriminals 'CAN' Steal Your Car, Using Novel IoT Hack

Your family's SUV could be gone in the night thanks to a headlight crack and hack attack.

CVE-2023-28051: DSA-2023-112: Dell Power Manager Security Update for an Improper Access Control Vulnerability

Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.

Adobe Reset User Passwords as Precaution Against Data Breach Risks

By Waqas If you have received a password reset or "update your password" email from Adobe recently, you are not alone. This is a post from HackRead.com Read the original post: Adobe Reset User Passwords as Precaution Against Data Breach Risks

CVE-2023-28046: DSA-2023-123: Dell Display Manager Security Update for Arbitrary File or Folder Creation/Deletion Vulnerabilities

Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges.

CVE-2023-25542: DSA-2023-074: Dell Trusted Device Agent Security Update for an Improper Installation Permissions Vulnerability

Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

CVE-2023-27491: RFC ft-ietf-quic-http: HTTP/3

Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9.

CVE-2023-25942: DSA-2023-102: Dell EMC PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.