PT-2020-14419 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-el7-0.9.8.891 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the loader ajax.php...

The vulnerability of the full_load method and the FullLoader loader from the PyYAML library allows a attacker to execute arbitrary code.

The vulnerability of the fullload method and the FullLoader loader from the PyYAML library exists due to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

IcedID Banker is Back, Adding Steganography, COVID-19 Theme

A new version of the IcedID banking trojan has debuted that notably embraces steganography – the practice of hiding code within images – in order to stealthily infect victims. It has also changed up its process for eavesdropping on victims’ web activity. Researchers at Juniper Threat Labs have...

Schneider Electric Unity Loader and OS Loader Software Trust Management Issues Vulnerability

Schneider Electric Unity Loader and OS Loader Software are both products of Schneider Electric, France.Unity Loader is a data exchange utility program.OS Loader Software is a system loading utility program. A trust management issue vulnerability exists in Schneider Electric Unity Loader and OS...

CVE-2020-7498

A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...

CVE-2020-7498

A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software all versions. The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file...

CVE-2020-7498

The CVE-2020-7498 entry concerns Schneider Electric Unity Loader and OS Loader Software (all versions) with a CWE-798 issue: the use of hard-coded credentials to simplify file transfers. This root cause means an attacker could potentially gain unauthorized access to the file transfer service used...

chromium-browser: Insufficient data validation in loader

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...

Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation

In September 2019, MITRE evaluated Microsoft Threat Protection MTP and other endpoint security solutions. The ATT&CK evaluation lasted for three days, with a professional red team from MITRE emulating many advanced attack behaviors used by the nation-state threat group known as YTTRIUM APT29. Aft...

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

Vulnerabilities fixed in Intel products

Intel has fixed vulnerabilities in Intel Converged Security and Manageability Engine CSME, Intel Server Platform Services SPS, Intel Trusted Execution Engine TXE, Intel Active Management Technology AMT, Intel Standard Manageability ISM and Intel Dynamic Application Loader DAL. The above products...

HPSBHF03667 rev. 2 - Intel® 2020.1 IPU - CSME, SPS, TXT, AMT and DAL Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: Intel® VULNERABILITY SUMMARY HP has been notified by Intel of potential security vulnerabilities in the Intel® Converged Security and...

Intel CSME, SPS, TXE, AMT and DAL Advisory - Lenovo Support US

No description provided...

Intel CSME, SPS, TXE, AMT and DAL Advisory - Lenovo Support US

Lenovo Security Advisory: LEN-30041 Potential Impact: Privilege escalation, denial of service, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2020-0542, CVE-2020-0532, CVE-2020-0538, CVE-2020-0534, CVE-2020-0541, CVE-2020-0533, CVE-2020-0537, CVE-2020-053...

UBUNTU-CVE-2020-13765

romcopy in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation...

TrickBot Adds BazarBackdoor to Malware Arsenal

A new module for the infamous trojan known as TrickBot has been deployed: A stealthy backdoor that researchers call “BazarBackdoor.” The binary was first spotted being delivered as part of a phishing campaign that began in March, according to an analysis from Panda Security this week. The campaig...

Valak Loader Revamped to Rob Microsoft Exchange Servers

Threat actors have revamped a popular malware loader into a stealthy infostealer that targets Microsoft Exchange servers to pilfer enterprise mailing information, passwords and enterprise certificates, researchers have found. Security researchers from Cybereason Nocturnus have discovered Valak, a...

PT-2021-3478

Name of the Vulnerable Software and Affected Versions PyYAML versions prior to 5.4 Description A flaw in the PyYAML library allows for arbitrary code execution when processing untrusted YAML files through the full load method or with the FullLoader loader. This issue enables an attacker to execut...

PYSEC-2020-341

An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safeload is not used...