324 matches found
Authorization Bypass
kernel is vulnerable to authorization bypass. In KVM (Kernel-based Virtual Machine) environments using raw format virtio disks backed by a partition or LVM volume, a privileged guest user could bypass intended restrictions and issue read and write requests and other SCSI commands on the host, and...
CVE-2020-4325
The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shut down the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the...
Design/Logic Flaw
The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shut down the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the...
[slackware-security] proftpd
New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/proftpd-1.3.6c-i586-1slack14.2.txz: Upgraded. No CVEs assigned, but this sure looks like a security issue: Use-after-fr...
PT-2020-6312 · Libvirt +8
Name of the Vulnerable Software and Affected Versions: libvirt versions 3.10.0 through 5.x Description: A NULL pointer dereference was found in the libvirt API for fetching a storage pool based on its target path. This flaw affects storage pools created without a target path, such as network-base...
Breaking down a two-year run of Vivin’s cryptominers
News Summary: There is another large-scale cryptomining attack from an actor we are tracking as "Vivin" that has been active since at least November 2017. "Vivin" has consistently evolved over the past few years, despite having poor operational security and exposing key details of their campaign. ...
This Alleged Bitcoin Scam Looked a Lot Like a Pyramid Scheme
Five men face federal charges of bilking investors of $722 million by inviting them to buy shares in bitcoin mining pools...
DEBIAN-CVE-2019-19082
Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, the...
Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2019-34771)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...
Authorization Bypass
ceph is vulnerable to authorization bypass attacks. The flaw is in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, lumino...
Troubleshooting thin provisioning for shared block storage on XenServer
XenServer and Citrix Hypervisor use GFS2 to provide the ability to set up thin provisioning with a shared block storage device. Pools that use GFS2 to thin provision their shared block storage are clustered and behave differently to pools that use shared file-based storage or LVM with shared bloc...
singaporepools.com.sg XSS vulnerability
Open Bug Bounty ID: OBB-659822

Description | Value
---|---
Affected Website: | singaporepools.com.sg
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners
Introduction: Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized. This interest has increased in recent years, stemming far beyond the desire to simply use cryptocurrencies as a method of payment for illicit tools and...
Red Hat Ceph Security Bypass Vulnerability
Red Hat Ceph is a petabyte-scale distributed file system for Linux from Red Hat. Its main design goal is a POSIX (Portable Operating System Interface) based distributed file system without a single point of failure, so that data can be fault-tolerant and seamlessly replicated. Ceph...
CVE-2018-10861
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected...
Design/Logic Flaw
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected...
DEBIAN-CVE-2018-10861
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected...
UBUNTU-CVE-2018-10861
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected...