369 matches found
Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 1)
This post is the first of a multi-part blog series that will explore and highlight the different risks that Windows Subsystem for Linux WSL poses to an enterprise IT environment. Here we examine a new Microsoft feature for GNU\Linux that increases the attack surface and introduces a lot more...
KLA12455 Multiple vulnerabilities in Microsoft SQL Server
Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft Power BI can be exploited remotely ...
New Malware Targets Windows Subsystem for Linux to Evade Detection
A number of malicious samples have been created for the Windows Subsystem for Linux WSL with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft"...
PT-2021-6318 · Microsoft · Windows Subsystem For Linux +1
Name of the Vulnerable Software and Affected Versions: Windows Subsystem for Linux affected versions not specified Description: The issue is related to insufficient access restrictions in the Windows Subsystem for Linux, which can be exploited to elevate privileges. This could allow an attacker t...
CVE-2021-29703
Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659...
CVE-2021-29702
Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658...
Security Bulletin: Multiple vulnerabilities in Node.js affecting Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary Portions of Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i Modernization Tools, Java edition, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that affect the Cordova platform...
CVE-2020-4976
IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469...
Trend Micro Serverprotect for Linux 资源管理错误漏洞
Trend Micro Serverprotect for Linux is an antivirus program for enterprise environments from Trend Micro, USA. A memory exhaustion vulnerability exists in the scanning engine component in Trend Micro ServerProtect for Linux. A local attacker could exploit this vulnerability via specially crafted...
Trend Micro Serverprotect for Linux 资源管理错误漏洞
Trend Micro Serverprotect for Linux is an antivirus program for enterprise environments from Trend Micro, USA. A memory exhaustion vulnerability exists in the timed scanning component in Trend Micro ServerProtect for Linux. A local attacker could exploit this vulnerability via specially crafted...
Trend Micro Serverprotect for Linux Buffer Overflow Vulnerability
Trend Micro Trend Micro Serverprotect for Linux is an antivirus program for enterprise environments from Trend Micro, USA. Trend Micro ServerProtect for Linux suffers from a buffer overflow vulnerability that can be exploited by an attacker who can trigger a buffer overflow to trigger a denial of...
Veeam Agent for Linux - Expired Sectigo RootCA Certificates
Challenge Veeam Agent for Linux connecting to a Cloud Repository with a seemingly valid Cloud certificate fails with "certificate has expired". Cause On May 30th of 2020, Sectigo had an expired Root CA that will not be updated due to the age of the certificate...
CVE-2020-1423
An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'...
Beauty Parlour Management System 1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Beauty Parlour Management System 1.0 - Authentication Bypass Exploit Author: Prof. Kailas PATIL krp Vendor Homepage: https://phpgurukul.com/ Software Link:...
The compatibility subsystem for running Linux applications allows Windows Subsystem for Linux (WSL) operating systems to enable unauthorized access to protected information by attackers.
The vulnerability of the compatibility subsystem for running Linux applications in Windows Subsystem for Linux WSL operating systems is related to object handling errors in the kernel. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through...
CVE-2020-1075
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka 'Windows Subsystem for Linux Information Disclosure Vulnerability'...
CVE-2020-1075
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka 'Windows Subsystem for Linux Information Disclosure Vulnerability'...
Information disclosure
An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka 'Windows Subsystem for Linux Information Disclosure Vulnerability'...
KLA11773 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2020-1361)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...