Skip to main content

Search

Items tagged with: vulnerability


Flipping Pages: An analysis of a new #Linux #vulnerability in #nf_tables and hardened exploitation techniques

https://pwning.tech/nftables/

> A tale about exploiting KernelCTF Mitigation, Debian, and Ubuntu instances with a double-free in nf_tables in the Linux kernel, using novel techniques like Dirty Pagedirectory. All without even having to recompile the exploit for different kernel targets once.


#Unpatchable #Vulnerability in #Apple #m1 #m2 Chip Leaks Secret Encryption Keys
Now that's a good, sound reason to avoid them. Until now I felt like the fox in "The Fox and the grapes"

https://apple.slashdot.org/story/24/03/21/1736222/unpatchable-vulnerability-in-apple-chip-leaks-secret-encryption-keys


Creativity for creating PSK ;-)

Ubee DDW365 XCNDDW365 and DDW366 XCNDXW3WB devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.

#infosec #vulnerability #crypto

🔗 https://vulnerability.circl.lu/vuln/GHSA-jj7g-c984-hr2m


Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the Exim server, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.

🔗 https://cvepremium.circl.lu/cve/CVE-2023-51766

#vulnerability #exim


Security researcher Gergely Kalman has published a technical write-up on BatSignal (CVE-2022-26704), an unprivileged user to root elevation of privilege vulnerability in macOS.

https://gergelykalman.com/no-CVE-batsignal-a-macos-lpe.html #infosec #cybersecurity #security #apple #macos #vulnerability


I maintain some notes about HTTP/2 ‘Rapid Reset’ DDoS attack - CVE-2023-44487

🔗 https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088

#rapidreset #http2 #infosec #ddos #vulnerability #CVE-2023-44487


Don't forget to upgrade your Mastodon sever to the latest version v4.1.8 due to the CVE-2023-42451 and CVE-2023-42452 vulnerabilities.

#mastodon #infosec #vulnerability

🔗 https://github.com/mastodon/mastodon/releases/tag/v4.1.8

🔗 https://cvepremium.circl.lu/cve/CVE-2023-42451
🔗 https://cvepremium.circl.lu/cve/CVE-2023-42452


Inaudible ultrasound attack can stealthily control your phone, smart speaker


Content warning: https://gadgeteer.co.za/wp-content/uploads/2023/03/NUIT-2-400x221.jpg The team of researchers consists of professor Guenevere Chen of the University of Texas in San Antonio (UTSA), her doctoral student Qi Xia, and professor Shouhuai Xu of the University o

This website uses cookies to recognize revisiting and logged in users. You accept the usage of these cookies by continue browsing this website.