Mar 03, 2023Ravie LakshmananEnterprise Security / IoT A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is … [Read more...] about New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
Library
22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library
A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been addressed in version 3.39.2 … [Read more...] about 22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library
High-Severity RCE Vulnerability Reported in Popular Fastjson Library
Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called "AutoType." It was patched by the project … [Read more...] about High-Severity RCE Vulnerability Reported in Popular Fastjson Library
Ripple20: 19 vulnerabilities in the TCP/IP library
Experts at Israeli company JSOF have discovered 19 zero-day vulnerabilities, some critical, affecting hundreds of millions of Internet of Things (IoT) devices. The worst part is that some devices will never receive updates. All of the vulnerabilities were found in the TCP/IP library of Treck Inc., which the company has been developing for more than two decades. The set of … [Read more...] about Ripple20: 19 vulnerabilities in the TCP/IP library
Zero-day RCE vulnerabilities in Windows Adobe Type Manager Library actively exploited
Updated on April 14. Microsoft has issued a warning about two new vulnerabilities in the Adobe Type Manager Library. Moreover, according to their information, some attackers are already exploiting them in targeted attacks. On April 14, Microsoft released security updates that address these vulnerabilities. What is Adobe Type Manager Library and how is it vulnerable There were … [Read more...] about Zero-day RCE vulnerabilities in Windows Adobe Type Manager Library actively exploited
Save Over 75% on SitePoint Premium Tech E-Learning Library
Upskill to Your Dream Job with 5,350+ Cutting-Edge Videos & eBooks on Coding, UX Design & More … [Read more...] about Save Over 75% on SitePoint Premium Tech E-Learning Library