(CVE-2023-2017) Shopware 6 Server-side Template Injection (SSTI) via Twig Security Extension

Summary: Product Shopware Vendor Shopware AG Severity High - Users with login access to Shopware Admin panel may be able to obtain remote code/command execution Affected Versions v6.4.18.1 <= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4 (Commit facfc88) Tested Versions v6.4.20.0 (Latest stable version), v6.5.0.0-rc3 (Latest pre-release version) CVE Identifier CVE-2023-2017 CVE Description Server-side Template Injection (SSTI) in Shopware 6 (<= v6....

April 17, 2023 · 8 min · Ngo Wei Lin (@Creastery)

(CVE-2022-44667) Windows CDirectMusicPortDownload Integer Overflow Vulnerability

Summary Product Microsoft DirectMusic Vendor Microsoft Severity High Affected Versions Microsoft DirectMusic Core Services DLL (dmusic.dll) version 10.0.22000.1 Tested Versions Microsoft DirectMusic Core Services DLL (dmusic.dll) version 10.0.22000.1 CVE Identifier CVE-2022-44667 CVSS3.1 Scoring System Base Score: 7.8 (High) Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Metric Value Attack Vector (AV) Local Attack Complexity (AC) Low Privileges Required (PR) None User Interaction (UI) Required Scope (S) Unchanged Confidentiality (C) High Integrity (I) High Availability (A) High Product Overview Microsoft DirectMusic Core Services DLL is a dynamic link library (DLL) that is part of the DirectMusic component of the DirectX multimedia API for Windows operating systems....

December 13, 2022 · 10 min · Lê Hữu Quang Linh (@linhlhq)

(CVE-2022-44668) Windows DirectMusicPortDownload Double Free Vulnerability

Summary Product Microsoft DirectMusic Vendor Microsoft Severity High Affected Versions Microsoft DirectMusic Core Services DLL (dmusic.dll) version 10.0.22000.1 Tested Versions Microsoft DirectMusic Core Services DLL (dmusic.dll) version 10.0.22000.1 CVE Identifier CVE-2022-44668 CVSS3.1 Scoring System Base Score: 7.8 (High) Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Metric Value Attack Vector (AV) Local Attack Complexity (AC) Low Privileges Required (PR) None User Interaction (UI) Required Scope (S) Unchanged Confidentiality (C) High Integrity (I) High Availability (A) High Product Overview Microsoft DirectMusic Core Services DLL is a dynamic link library (DLL) that is part of the DirectMusic component of the DirectX multimedia API for Windows operating systems....

December 13, 2022 · 5 min · Lê Hữu Quang Linh (@linhlhq)

(CVE-2022-26438) Asus System Control Interface Backup Local Privilege Escalation (LPE)

Summary: Product Asus System Control Interface Vendor Asus Severity High - Adversaries may exploit this software vulnerability to set weak file permissions, leading to local privilege escalation. Affected Versions MyASUS: 3.1.5.0 ASUS System Control Interface: 3.1.4.0 File Version: 1.0.9.0 (AsusSwitch.exe) Tested Versions MyASUS: 3.1.5.0 ASUS System Control Interface: 3.1.4.0 File Version: 1.0.9.0 (AsusSwitch.exe) CVE Identifier CVE-2022-26438 CWE CWE-276 - Incorrect Default Permissions CVSS3....

July 13, 2022 · 39 min · Schuyler Tay

(CVE-2022-26439) Asus System Control Interface Software Update Arbitrary File Deletion

Summary: Product Asus System Control Interface Vendor Asus Severity Medium - Adversaries may exploit this software vulnerability to set weak file permissions, leading to local privilege escalation. Affected Versions MyASUS: 3.1.5.0ASUS System Control Interface: 3.1.4.0File Version: 1.0.52.0 (AsusSoftwareManager.exe)1.0.44.0 (AsusLiveUpdate.dll) Tested Versions MyASUS: 3.1.5.0ASUS System Control Interface: 3.1.4.0File Version: 1.0.52.0 (AsusSoftwareManager.exe)1.0.44.0 (AsusLiveUpdate.dll) CVE Identifier CVE-2022-26439 CWE CVSS3....

July 13, 2022 · 3 min · Schuyler Tay

(CVE-2021-4206) QEMU QXL Integer overflow leads to Heap Overflow

CVE: CVE-2021-4206 Tested Versions: QEMU < v6.0.0 Product URL(s): https://www.qemu.org/ Description of the vulnerability Technical Details QXL, the QEMU QXL video accelerator, is a para-virtualized framebuffer device for the SPICE protocol. It is the default video device when we create a VM from virt-manager. It exposes the RAMs and I/O ports to let guest communicate with it. 00:01.0 VGA compatible controller: Red Hat, Inc. QXL paravirtual graphic card (rev 04) (prog-if 00 [VGA controller]) Subsystem: Red Hat, Inc....

March 28, 2022 · 3 min · Billy Jheng Bing Jhong (@st424204)

(CVE-2021-4207) QEMU QXL Integer overflow leads to Heap Overflow

CVE: CVE-2021-4207 Tested Versions: QEMU < v6.0.0 Product URL(s): https://www.qemu.org/ Description of the vulnerability Technical Details QXL, the QEMU QXL video accelerator, is a para-virtualized framebuffer device for the SPICE protocol. It is the default video device when we create a VM from virt-manager. It exposes the RAMs and I/O ports to let guest communicate with it. 00:01.0 VGA compatible controller: Red Hat, Inc. QXL paravirtual graphic card (rev 04) (prog-if 00 [VGA controller]) Subsystem: Red Hat, Inc....

March 28, 2022 · 3 min · Billy Jheng Bing Jhong (@st424204)