Lucene search
+L

130 matches found

Qualys Blog
Qualys Blog
added 2022/04/20 7:26 p.m.26 views

Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 2)

This post is the second of a multi-part blog series that explores and highlights the different risks that Windows Subsystem for Linux WSL poses to an enterprise IT environment. Here we examine different TTPs that abuse WSL and assess different methods to defend against such threats. ← Go to Part ...

0.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/03/22 2:25 p.m.29 views

Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 1)

This post is the first of a multi-part blog series that will explore and highlight the different risks that Windows Subsystem for Linux WSL poses to an enterprise IT environment. Here we examine a new Microsoft feature for GNU\Linux that increases the attack surface and introduces a lot more...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/09/17 11:2 a.m.25 views

New Malware Targets Windows Subsystem for Linux to Evade Detection

A number of malicious samples have been created for the Windows Subsystem for Linux WSL with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft"...

0.4AI score
Exploits0
Cvelist
Cvelist
added 2020/07/14 10:54 p.m.24 views

CVE-2020-1423

An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'...

8.2AI score0.00729EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/05/29 12:0 a.m.7 views

The compatibility subsystem for running Linux applications allows Windows Subsystem for Linux (WSL) operating systems to enable unauthorized access to protected information by attackers.

The vulnerability of the compatibility subsystem for running Linux applications in Windows Subsystem for Linux WSL operating systems is related to object handling errors in the kernel. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through...

5.5CVSS6.5AI score0.01425EPSS
Exploits0References2
OSV
OSV
added 2020/05/21 11:15 p.m.2 views

CVE-2020-1075

An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka 'Windows Subsystem for Linux Information Disclosure Vulnerability'...

5.5CVSS6.7AI score0.01425EPSS
Exploits0References1
NVD
NVD
added 2020/05/21 11:15 p.m.18 views

CVE-2020-1075

An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka 'Windows Subsystem for Linux Information Disclosure Vulnerability'...

5.5CVSS6.8AI score0.01425EPSS
Exploits0References1
Prion
Prion
added 2020/05/21 11:15 p.m.12 views

Information disclosure

An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka 'Windows Subsystem for Linux Information Disclosure Vulnerability'...

2.1CVSS5.3AI score0.01425EPSS
Exploits0References1Affected Software2
OpenVAS
OpenVAS
added 2020/04/01 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2020-1361)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.34007EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/02/25 12:0 a.m.49 views

EulerOS 2.0 SP8 : git (EulerOS-SA-2020-1151)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The...

9.8CVSS8.1AI score0.34007EPSS
Exploits1References10
NVD
NVD
added 2020/01/24 10:15 p.m.22 views

CVE-2019-1353

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux also known as "WSL" while accessing a working directory on a regular Windows drive, none of the NTFS...

9.8CVSS9.3AI score0.02225EPSS
Exploits0References5
OSV
OSV
added 2020/01/24 10:15 p.m.2 views

DEBIAN-CVE-2019-1353

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux also known as "WSL" while accessing a working directory on a regular Windows drive, none of the NTFS...

9.8CVSS8AI score0.02225EPSS
Exploits0References1
OSV
OSV
added 2020/01/24 10:15 p.m.27 views

CVE-2019-1353

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux also known as "WSL" while accessing a working directory on a regular Windows drive, none of the NTFS...

9.8CVSS6.6AI score
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2020/01/22 12:0 a.m.6 views

The compatibility subsystem for running Linux applications allows Windows Subsystem for Linux (WSL) operating systems, enabling attackers to enhance their privileges.

The vulnerability of the compatibility subsystem for running Linux applications in Windows Subsystem for Linux WSL operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...

7.8CVSS7.2AI score0.00814EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/12/13 12:0 a.m.162 views

Amazon Linux AMI : git (ALAS-2019-1325)

The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.CVE-2019-1348 When submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice. ...

9.8CVSS7.1AI score0.34007EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2019/12/11 12:50 a.m.30 views

CVE-2019-1353

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux also known as "WSL" while accessing a working directory on a regular Windows drive, none of the NTFS...

9.8CVSS3.5AI score0.02225EPSS
Exploits0References4
Amazon
Amazon
added 2019/12/09 12:0 a.m.56 views

Important: git

Issue Overview: The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.CVE-2019-1348 When submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git...

9.8CVSS7.8AI score0.34007EPSS
Exploits0
Prion
Prion
added 2019/11/12 7:15 p.m.16 views

Race condition

An elevation of privilege vulnerability exists due to a race condition in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'...

4.4CVSS6.9AI score0.0045EPSS
Exploits0References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2019/11/12 12:0 a.m.66 views

KB4523205: Windows 10 Version 1809 and Windows Server 2019 November 2019 Security Update

The remote Windows host is missing security update 4523205. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability...

9.9CVSS8.2AI score0.75859EPSS
Exploits36References54
Tenable Nessus
Tenable Nessus
added 2019/11/12 12:0 a.m.60 views

KB4525237: Windows 10 Version 1803 November 2019 Security Update

The remote Windows host is missing security update 4525237. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability...

9.9CVSS8.2AI score0.75859EPSS
Exploits36References54
Rows per page
Query Builder