CVE-2022-41352 Zimbra Collaboration (ZCS)
Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
2022-10-20
Zimbra Collaboration (ZCS) allows an attacker to upload arbitrary files using the cpio package to gain incorrect access to any other user accounts.
Apply updates per vendor instructions by 2022-11-10.
https://wiki.zimbra.com/wiki/
CVE-2021-3493 Linux Kernel
Linux Kernel Privilege Escalation Vulnerability
2022-10-20
The overlayfs stacking file system in the Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation.
Apply updates per vendor instructions by 2022-11-10.
CVE-2020-3433 Cisco AnyConnect Secure
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
2022-10-24
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.
Apply updates per vendor instructions by 2022-11-14.
CVE-2020-3153 Cisco AnyConnect Secure
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
2022-10-24
Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.
Apply updates per vendor instructions by 2022-11-14.
------------------------------
CVE-2018-19323 GIGABYTE Multiple Products
GIGABYTE Multiple Products Privilege Escalation Vulnerability
2022-10-24
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Apply updates per vendor instructions by 2022-11-14.
https://www.gigabyte.com/
CVE-2018-19322 GIGABYTE Multiple Products
GIGABYTE Multiple Products Code Execution Vulnerability
2022-10-24
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Apply updates per vendor instructions by 2022-11-14.
https://www.gigabyte.com/
CVE-2018-19321 GIGABYTE Multiple Products
GIGABYTE Multiple Products Privilege Escalation Vulnerability
2022-10-24
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Apply updates per vendor instructions by 2022-11-14.
https://www.gigabyte.com/
CVE-2018-19320 GIGABYTE Multiple Products
GIGABYTE Multiple Products Unspecified Vulnerability
2022-10-24
The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.
Apply updates per vendor instructions by 2022-11-14.
https://www.gigabyte.com/
------------------------------
CVE-2022-42827 Apple iOS and iPadOS
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
2022-10-25
The Apple iOS and iPadOS kernel contains an out-of-bounds write vulnerability that can allow an application to perform code execution with kernel privileges.
Apply updates per vendor instructions by 2022-11-15.
https://support.apple.com/en-
About the security content of iOS 16.1 and iPadOS 16
It says ...
"Kernel
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved bounds checking.
..."