Security
Headlines
HeadlinesLatestCVEs

Tag

#dell

New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks

With speculative execution attacks remaining a stubbornly persistent vulnerability ailing modern processors, new research has highlighted an "industry failure" to adopting mitigations released by AMD and Intel, posing a firmware supply chain threat. Dubbed FirmwareBleed by Binarly, the information leaking assaults stem from the continued exposure of microarchitectural attack surfaces on the part

The Hacker News
Open in Source
#vulnerability#ios#intel#lenovo#amd#dell#The Hacker News
Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one

CVE-2020-35169: DSA-2020-286: Dell BSAFE Crypto-C Micro Edition 4.1.5 and Dell BSAFE Micro Edition Suite 4.6 Multiple Security Vulnerabilities

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.

CVE-2022-35414: Re: [PATCH v2] softmmu: Always initialize xlat in address_space_translate_for_iotlb

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.

CVE-2022-33936: DSA-2022-182: Cloud Mobility for Dell EMC Storage Security Update for a Path Traversal/RCE Vulnerability

Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity.

CVE-2022-32481: DSA-2022-163: Dell EMC Cyber Recovery Security Update for Multiple Vulnerabilities

Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover.

Google cracks down on sites with ties to hack-for-hire groups in UAE, Russia, India

By Deeba Ahmed Currently, over 30 sites have been marked as malicious by Google’s Safe Browsing feature. Google TAG (Threat Analysis… This is a post from HackRead.com Read the original post: Google cracks down on sites with ties to hack-for-hire groups in UAE, Russia, India

CVE-2022-31230: DSA-2022-118: Dell EMC PowerScale OneFS Security Update

Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.

CVE-2022-31229: DSA-2022-118: Dell EMC PowerScale OneFS Security Update

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.