1194 matches found
CVE-2020-8907 Priviged Escalation in Google Cloud Platform's Guest-OSLogin
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and...
CVE-2020-8903 Priviged Escalation in Google Cloud Platform's Guest-OSLogin
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from th...
CVE-2020-8907
Removed by vendor...
CVE-2020-8903
CVE-2020-8903 affects Google Cloud Platform's guest-oslogin in versions 20190304–20200507, enabling a user with roles/compute.osLogin to escalate to root by abusing membership in the adm group to read the DHCP XID, modify IP/hostname in /etc/hosts, redirect metadata.google.internal to an arbitrar...
CVE-2020-8907
CVE-2020-8907 affects Google Cloud Platform’s guest-oslogin (versions between 20190304 and 20200507). A user with only the roles/compute.osLogin role can escalate to root by using their membership in the docker group to run docker, mount the host OS, and modify the host filesystem (including /etc...
CVE-2020-8903
Removed by vendor...
PT-2020-20360 · Google Cloud Platform +1 · Guest-Oslogin +1
Name of the Vulnerable Software and Affected Versions: Google Cloud Platform's guest-oslogin versions 20190304 through 20200507 Description: A vulnerability in Google Cloud Platform's guest-oslogin allows a user with the role "roles/compute.osLogin" to escalate privileges to root. This is achieve...
PT-2020-3712 · Google +1 · Google Cloud +1
Name of the Vulnerable Software and Affected Versions: Google Cloud OS guest-oslogin versions 20190304 through 20200507 Description: The issue is related to incorrect default permission settings in the guest-oslogin feature of Google Cloud OS. This allows an attacker to escalate privileges to roo...
'Lamphone' Hack Uses Lightbulb Vibrations to Eavesdrop on Homes
Researchers have discovered a novel way to spy on conversations that are happening in houses from almost a hundred feet away. The hack stems simply from a lightbulb hanging in the home. The hack, dubbed “lamphone,” is performed by analyzing the tiny vibrations of a hanging lightbulb, which are...
PT-2020-13247 · Hashicorp +1 · Hashicorp Vault +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.4.0 through 1.4.1 Description: The issue arises when HashiCorp Vault and Vault Enterprise are configured with the GCP Secrets Engine, potentially leading to the incorrect generation of GCP...
USN-4363-1: Linux kernel vulnerabilities
It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-11494 It was discovered that the linux kernel did not properly validate certain mount options to the...
USN-4367-1: Linux kernel vulnerabilities
It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service system crash. CVE-2019-19377 It was...
Crooks Tap Google Firebase in Fresh Phishing Tactic
A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways. Google Firebase is a mobile and web application development platfor...
VMware Launches Next-Gen SOC Alliance with Splunk, IBM Security, Google Cloud’s Chronicle, Exabeam, and Sumo Logic
Today at Connect 2020, our company's annul cybersecurity conference, we made some exciting announcements, including the creation of a Next-Gen SOC Alliance. The alliance empowers SOC teams with visibility, prevention, detection and response capabilities that can uniquely leverage the VMware fabri...
Google Cloud VMware Engine (GCVE) Support Statement
Support Statement Google Cloud VMware Engine GCVE is a fully compliant and certified full-stack cloud infrastructure sold and supported by Google. You can natively deploy VMware vSphere-based workloads in a dedicated Software-Defined Data Center SDDC on Google Cloud and utilize the same...
Privilege Escalation in Google Cloud Platform – Part 2 (Non-IAM)
The post Privilege Escalation in Google Cloud Platform - Part 2 Non-IAM appeared first on Rhino Security Labs...
Privilege Escalation in Google Cloud Platform – Part 1 (IAM)
The post Privilege Escalation in Google Cloud Platform - Part 1 IAM appeared first on Rhino Security Labs...
CVE-2020-7134
A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP versions: 1.4.0, 1.4.1, 1.4.2, 1.2.4.2...
CVE-2020-7133
A unauthorized remote access vulnerability was discovered in HPE IOT + GCP versions: 1.4.0, 1.4.1, 1.4.2, 1.2.4.2...
Serverless Prey - Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions
Serverless Prey is a collection of serverless functions FaaS, that, once launched to a cloud environment and invoked, establish a TCP reverse shell, enabling the user to introspect the underlying container: Panther: AWS Lambda written in Node.js Cougar: Azure Function written in C Cheetah: Google...