TAU Technical Report: New Attack Combines TinyPOS With Living-off-the-Land Techniques for Scraping Credit Card Data

In April of 2020 VMware Carbon Black Threat Analysis Unit TAU researchers worked with an Incident Response IR partner on a piece of malware that was discovered during an ongoing PCI investigation. The combined analysis showed that attackers who previously leveraged a malware family called TinyPOS...

DEBIAN-CVE-2020-6490

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...

UBUNTU-CVE-2020-6490

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page...

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...

Directory Traversal

Overview org.jooby:jooby is a modern, performant and easy to use web framework for Java and Kotlin built on top of your favorite web server. Affected versions of this package are vulnerable to Directory Traversal. There are two ways this vulnerability can be leveraged: When sharing a File System...

DEBIAN-CVE-2020-12761

modules/loaders/loaderico.c in imlib2 1.6.0 has an integer overflow with resultant invalid memory allocations and out-of-bounds reads via an icon with many colors in its color map...

CVE-2020-12761

modules/loaders/loaderico.c in imlib2 1.6.0 has an integer overflow with resultant invalid memory allocations and out-of-bounds reads via an icon with many colors in its color map...

UBUNTU-CVE-2020-12761

modules/loaders/loaderico.c in imlib2 1.6.0 has an integer overflow with resultant invalid memory allocations and out-of-bounds reads via an icon with many colors in its color map...

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

Microsoft security advisory: Update to revoke noncompliant UEFI boot loader modules

Microsoft security advisory: Update to revoke noncompliant UEFI boot loader modules INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit...

Denial Of Service (DoS)

glibc is vulnerable to privilege escalation. It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LDAUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use...

Privilege Escalation

glibc is vulnerable to privilege escalation. The vulnerability exists as it was discovered that the glibc dynamic linker/loader did not perform sufficient safety checks when loading dynamic shared objects DSOs to provide callbacks for its auditing API during the execution of privileged programs. ...

Privilege Escalation

xen is vulnerable to privilege escalation. The vulnerability exists as the pyGrub boot loader did not honor the "password" option in the grub.conf file for para-virtualized guests. Users with access to a guest's console could use this flaw to bypass intended access restrictions and boot the guest...

Server-side Template Injection (SSTI)

Overview freemarker:freemarker is a FreeMarker is a "template engine"; a generic tool to generate text output based on templates. Affected versions of this package are vulnerable to Server-side Template Injection SSTI. By allowing user input into java.security.ProtectionDomain.getClassLoader,...