SySS GmbH found out that the embedded flash memory of the Bluetooth LE Microsoft Surface Mouse can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.
933f2992509d7280ad24c43f072e8b31d6120616cedff0435434455cee6645f2SySS GmbH found out that the embedded flash memory of the Bluetooth LE Microsoft Surface Keyboard can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.
ddef568ac1a9b0a2ad733adb0361167469bb13ac9e72018fa9dd34b5b66a993aSySS GmbH found out that the embedded flash memory of the Microsoft Designer Bluetooth Desktop keyboard can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.
a5148241981394c2a24fc78dd0e069153a14fc48069935d8f1b62a025fbcf8aaGRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
ec54d0190b811c432e0cf3a23e489d6c5cc1d55663e31d764b844dfcfc152ee5The Microsoft Windows kernel suffers from an out-of-bounds read vulnerability in nt!MiRelocateImage while parsing a malformed PE file.
09a78b9b27104c74d7493858414d676b9c84bec99187241c744837c44ab57c68The Microsoft Windows kernel suffers from an out-of-bounds read vulnerability in CI!HashKComputeFirstPageHash while parsing a malformed PE file.
8731c4f2a1bd813e3c65fef7d7e537efc2972b0c7272429e92f40c7bd02522f8The Microsoft Windows kernel suffers from an out-of-bounds read in nt!MiParseImageLoadConfig while parsing a malformed PE file.
e6ea263f84cba66ae6dc8429b12b85100d09ee248df83f0d7ab7363703db8e01The Microsoft Windows kernel suffers from an out-of-bounds read vulnerability in CI!CipFixImageType while parsing a malformed PE file.
e7b8c25f33beda97114ea81fe60b35ef1fd7558c7d25be720038945e9658b5c6The Microsoft Windows kernel suffers from a null pointer dereference vulnerability in nt!MiOffsetToProtos while parsing a malformed PE file.
8ac7acafcd51257924a2252b8c1909c6077d4d441f55c97ee3e5eb46f3b038d6Microsoft Windows Kernel suffers from a TTF font processing win32k!ulClearTypeFilter pool corruption vulnerability in win32k.sys.
ab7b06a9750d305bdd7569044211204829905b7723e935325e0ee319ceb7d2adUbuntu Security Notice 4151-2 - USN-4151-1 fixed several vulnerabilities in Python. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. Various other issues were also addressed.
d113f0bd6b18a24f8d47226df8c3ba6a6d2753339432c2bf61db7c00a5216c91Ubuntu Security Notice 4153-1 - Daniel Preussker discovered that Octavia incorrectly handled client certificate checking. A remote attacker on the management network could possibly use this issue to perform configuration changes and obtain sensitive information.
2de8e4091c1f8c7cc301e5b4e7d01c9f83547b32e93c847aec97417ab38aeafcRed Hat Security Advisory 2019-3002-01 - Red Hat Fuse Integration Services provides a set of tools and containerized xPaaS images that enable development, deployment, and management of integration microservices within OpenShift. Issues addressed include code execution and deserialization vulnerabilities.
621dfcd461e954e5f0ed3fefc22cedb7836b478f9190950358f4e51efebf85c0Red Hat Security Advisory 2019-2998-01 - Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of RHOAR Thorntail 2.5.0 serves as a replacement for RHOAR Thorntail 2.4.0, and includes security and bug fixes and enhancements. Issues addressed include code execution and deserialization vulnerabilities.
990493a3b0a3b678086cfe342d930bc8b793465ba34ab1e3a5f0ba29814a2e34Red Hat Security Advisory 2019-2995-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat A-MQ Broker 7.5.0 serves as a replacement for Red Hat A-MQ Broker 7.4.1, and includes security and bug fixes, and enhancements. A Class Loader manipulation vulnerability was addressed.
dd9ea47c1d0afaf31a5d352fe371b0637db5ce6186d2c3b24e0e7e14586fdfb2Ubuntu Security Notice 4152-1 - It was discovered that libsoup incorrectly handled parsing certain NTLM messages. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause a denial of service.
6ea946965fbc177bbde8e7596323fef6d036d718c212d1fe2a24bb4d11e7a2b959 bytes small Linux/x86 add user to /etc/passwd shellcode.
918c61c93c872f56062369ffa875b4e1f3a8d5bf7f31b8e797616444b1efe92bSMA Solar Technology AG Sunny WebBox device version 1.6 suffers from a cross site request forgery vulnerability.
7b35c261875218791993e217e944e36b81f914f4b49a1e3d2e8a3e0a7bc4ffd0This Metasploit module exploits a stack buffer overflow in ASX to MP3 converter 3.1.3.7. By constructing a specially crafted ASX file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode. Tested on: Microsoft Windows 7 Enterprise, 6.1.7601 Service Pack 1 Build 7601, x64-based PC Microsoft Windows 10 Pro, 10.0.18362 N/A Build 18362, x64-based PC.
e27f76fce1e05296187e75ec93fc7559ee0cdd83d3e77119ce5f0607fb4069deTP-Link TL-WR1043ND 2 suffers from an authentication bypass vulnerability.
1c5364c795cddfe0fbfc962becde2df554e5169ceca8064aaa8609af5bfd77f8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed