CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF

September 23, 2024 at 10:00AM The CERT Coordination Center at Carnegie Mellon University has issued an advisory for a critical flaw in Microchip’s Advanced Software Framework (ASF) that allows remote code execution via specially crafted DHCP requests. The security issue affects ASF 3.52.0.2574 and older versions, with no practical solution other than replacing the vulnerable …

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

September 23, 2024 at 06:49AM A critical vulnerability (CVE-2024-7490) in Microchip Advanced Software Framework (ASF) could lead to remote code execution, impacting ASF 3.52.0.2574 and earlier versions. No fixes or mitigations are available, except replacing the tinydhcp service. Additionally, SonicWall detailed a severe zero-click vulnerability (CVE-2024-20017) in MediaTek Wi-Fi chipsets, with a patch released in …

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

April 4, 2024 at 08:03AM New research has revealed a vulnerability in the HTTP/2 protocol, named HTTP/2 CONTINUATION Flood, which can be exploited to conduct denial-of-service (DoS) attacks. The issue affects multiple HTTP/2 implementations and could lead to server crashes, performance degradation, and memory exhaustion. Upgrading affected software or temporarily disabling HTTP/2 is recommended. After …

New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset

April 4, 2024 at 07:30AM Researcher Bartek Nowotarski has unveiled a new denial-of-service (DoS) attack method named HTTP/2 Continuation Flood, potentially posing a greater threat than the previous Rapid Reset vulnerability. The attack exploits a flaw in the handling of HTTP/2 frames and has affected various implementations. Patches and mitigations are being issued, and the …

PixieFail flaws impact PXE network boot in enterprise systems

January 16, 2024 at 12:19PM A set of nine vulnerabilities, named ‘PixieFail,’ impact Tianocore’s EDK II, an open-source implementation of the UEFI spec widely used in enterprise computers. The flaws, discovered by Quarkslab, affect the PXE boot process and expose systems to DoS, RCE, network session hijacking, and other attacks. Multiple vendors, including major tech …