EUVD-2020-4449

Malware in sbrugna...

CVE-2020-12134

Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log...

‘Tropic Trooper’ Reemerges to Target Transportation Outfits

They’ve been an active threat group since 2011, but a recent uptick in activity from Earth Centaur – previously known as Tropic Trooper – aimed specifically at transportation and government agencies is setting off alarm bells among experts. Trend Micro researchers have been tracking Tropic...

Collecting In the Dark: Tropic Trooper Targets Transportation and Government

Our long-term monitoring of the cyberespionage group Earth Centaur aka Tropic Trooper shows that the threat actors are equipped with new tools and techniques. The group seems to be targeting transportation companies and government agencies related to transportation...

x86: Race condition in Xen mapping code

ISSUE DESCRIPTION The Xen code handling the updating of the hypervisor's own pagetables tries to use 2MiB and 1GiB superpages as much as possible to maximize TLB efficiency. Some of the operations for checking and coalescing superpages take non-negligible amount of time; to avoid potential lock...

DEBIAN-CVE-2020-25596

An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a GP fault, and incorrectly delivers it twice to the guest...

ALPINE-CVE-2020-25596

An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a GP fault, and incorrectly delivers it twice to the guest...

Design/Logic Flaw

An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a GP fault, and incorrectly delivers it twice to the guest...

CVE-2020-25596

An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a GP fault, and incorrectly delivers it twice to the guest...

x86 pv guest kernel DoS via SYSENTER

ISSUE DESCRIPTION The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege GP fault typically fatal rather than ...

CVE-2020-12134

Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log...

CVE-2020-12134

Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log...

Code injection

Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log...

CVE-2020-12134

CVE-2020-12134 affects Nanometrics Centaur (<= 4.3.23) and TitanSMA (

CVE-2020-12134

Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log...

Nanometrics Centaur and TitanSMA Unverified Remote Memory Disclosure Vulnerability

The Nanometrics Centaur and Nanometrics TitanSMA are both data loggers from Nanometrics Canada. A security vulnerability exists in Nanometrics Centaur version 4.3.23 and earlier and TitanSMA version 4.2.20 and earlier, which stems from the program's failure to properly handle access control to...

Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Exploit

Exploit for hardware platform in category web applications Exploit Title: Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Author: byteGoblin Vendor: https://www.nanometrics.ca Product: https://www.nanometrics.ca/products/accelerometers/titan-sma Product:...

Nanometrics Centaur 4.3.23 Memory Leak

Exploit Title: Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Date: 2020-02-15 Author: byteGoblin Vendor: https://www.nanometrics.ca Product: https://www.nanometrics.ca/products/accelerometers/titan-sma Product:...

Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak

Exploit Title: Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Date: 2020-02-15 Author: byteGoblin Vendor: https://www.nanometrics.ca Product: https://www.nanometrics.ca/products/accelerometers/titan-sma Product:...

Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak

Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Exploit Title: Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Date: 2020-02-15 Author: byteGoblin Vendor: https://www.nanometrics.ca Product: https://www.nanometrics.ca/products/accelerometers/titan-sma Product:...