CVE-2020-8713

CVE-2020-8713 affects Intel® Server Boards, Server Systems and Compute Modules prior to firmware version 1.59, where improper authentication may let an unauthenticated user potentially escalate privileges via adjacent access. NVD reports a CVSS v3.1 base score of 8.8 (High) with ADJACENT attack v...

CVE-2020-8723

Cross-site scripting for some IntelR Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access...

CVE-2020-8722

CVE-2020-8722 affects Intel Server Boards, Server Systems and Compute Modules, where a Buffer overflow in a subsystem before version 1.59 may allow a privileged user to escalate privileges via local access. Multiple connected sources (NVD entry, Red Hat advisory, and Intel’s Intel-SA-00384 adviso...

CVE-2020-8718

CVE-2020-8718: Buffer overflow in a subsystem of Intel® Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to escalate privileges via local access. Affected components are the Intel server hardware family; exploitation is local with low attack co...

CVE-2020-8721

CVE-2020-8721 describes improper input validation in Intel Server Boards, Server Systems and Compute Modules prior to firmware version 1.59, which may allow a privileged user to escalate privileges via local access. The issue affects Intel’s firmware for several server product families; the docum...

CVE-2020-8707

CVE-2020-8707 affects Intel Server Boards, Server Systems and Compute Modules. The issue is a buffer overflow in the daemon before version 1.59, which may allow an unauthenticated user to escalate privileges via adjacent access. Impact: potential privilege escalation. Affected products include In...

CVE-2020-8731

CVE-2020-8731 affects Intel® Server Boards, Server Systems and Compute Modules prior to firmware version 1.59. The issue is described as incorrect execution-assigned permissions in the file system, which may allow an authenticated user to escalate privileges via local access. Intel’s advisory (In...

CVE-2020-8730

CVE-2020-8730 affects Intel® Server Boards, Server Systems and Compute Modules. The issue is a heap-based overflow in firmware prior to version 1.59, which may allow an authenticated user to potentially escalate privileges via local access. Intel’s advisory confirms affected families (R1000WT/R20...

SkyArk - Helps To Discover, Assess And Secure The Most Privileged Entities In Azure And AWS

SkyArk is a cloud security project with two mainscanning modules: 1. AzureStealth - Scans Azure environments 2. AWStealth - Scan AWS environments These two scanning modules will discover the most privileged entities in the target AWS and Azure. The Main Goal - Discover The Most Privileged Cloud...

Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules

Intel is warning of a rare critical-severity vulnerability affecting several of its motherboards, server systems and compute modules. The flaw could allow an unauthenticated, remote attacker to achieve escalated privileges. The recently patched flaw CVE-2020-8708 ranks 9.6 out of 10 on the CVSS...

Intel® Server Boards, Server Systems and Compute Modules Advisory

Summary: Potential security vulnerabilities in some Intel® Server Boards, Server Systems and Compute Modules may allow escalation of privilege or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2020-8708...

PT-2020-3935 · Microsoft · Windows Modules Installer +1

Name of the Vulnerable Software and Affected Versions: Windows Modules Installer affected versions not specified Description: An elevation of privilege issue exists due to the improper handling of objects in memory by Windows Modules Installer. This could allow an attacker to run arbitrary code i...

metasploit-framework

This is a Metasploit Framework repository, a widely used penetration testing tool. The framework is used for identifying and exploiting vulnerabilities in computer systems and applications. The primary target of this framework is the Metasploit Framework itself, which is a Ruby-based framework fo...

USN-4451-2: ppp vulnerability

USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Thomas Chauchefoin working with Trend Micro´s Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker...

USN-4451-2 ppp vulnerability

USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Thomas Chauchefoin working with Trend Micro´s Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : ppp vulnerability (USN-4451-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4451-1 advisory. Thomas Chauchefoin working with Trend Micros Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker...

USN-4451-1 ppp vulnerability

Thomas Chauchefoin working with Trend Micro´s Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code...

Mistica - An Open Source Swiss Army Knife For Arbitrary Communication Over Application Protocols

Mística is a tool that allows to embed data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications. Currently, encapsulation into HTTP, DNS and ICMP protocols has been implemented, but more protocols are expected to be introduce...

OPENSUSE-SU-2020:1105-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: dracut-saltboot: - Print a list of available disk devices bsc1170824 - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'have...

BEESCMS suffers from SQL injection vulnerability (CNVD-2020-48932)

BEESCMS adopts PHP+MYSQL, featuring multi-language system and easy expansion of content modules. BEESCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...