Lucene search
+L

1194 matches found

vulnrichment
vulnrichment
added 2020/06/22 1:45 p.m.16 views

CVE-2020-8907 Priviged Escalation in Google Cloud Platform's Guest-OSLogin

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and...

9.3CVSS6.9AI score0.00309EPSS
Exploits1References5
cvelist
cvelist
added 2020/06/22 1:45 p.m.27 views

CVE-2020-8903 Priviged Escalation in Google Cloud Platform's Guest-OSLogin

A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from th...

7.3CVSS7.5AI score0.00315EPSS
Exploits1References5
debiancve
debiancve
added 2020/06/22 1:45 p.m.56 views

CVE-2020-8907

Removed by vendor...

9.3CVSS7.6AI score0.00309EPSS
Exploits1
cve
cve
added 2020/06/22 1:45 p.m.167 views

CVE-2020-8903

CVE-2020-8903 affects Google Cloud Platform's guest-oslogin in versions 20190304–20200507, enabling a user with roles/compute.osLogin to escalate to root by abusing membership in the adm group to read the DHCP XID, modify IP/hostname in /etc/hosts, redirect metadata.google.internal to an arbitrar...

7.8CVSS7.4AI score0.00315EPSS
Exploits1References5Affected Software1
cve
cve
added 2020/06/22 1:45 p.m.163 views

CVE-2020-8907

CVE-2020-8907 affects Google Cloud Platform’s guest-oslogin (versions between 20190304 and 20200507). A user with only the roles/compute.osLogin role can escalate to root by using their membership in the docker group to run docker, mount the host OS, and modify the host filesystem (including /etc...

9.3CVSS7.6AI score0.00309EPSS
Exploits1References5Affected Software1
debiancve
debiancve
added 2020/06/22 1:45 p.m.50 views

CVE-2020-8903

Removed by vendor...

7.8CVSS7.6AI score0.00315EPSS
Exploits1
ptsecurity
ptsecurity
added 2020/06/22 12:0 a.m.5 views

PT-2020-20360 · Google Cloud Platform +1 · Guest-Oslogin +1

Name of the Vulnerable Software and Affected Versions: Google Cloud Platform's guest-oslogin versions 20190304 through 20200507 Description: A vulnerability in Google Cloud Platform's guest-oslogin allows a user with the role "roles/compute.osLogin" to escalate privileges to root. This is achieve...

9.3CVSS7.7AI score0.00353EPSS
Exploits3References33
ptsecurity
ptsecurity
added 2020/06/19 12:0 a.m.4 views

PT-2020-3712 · Google +1 · Google Cloud +1

Name of the Vulnerable Software and Affected Versions: Google Cloud OS guest-oslogin versions 20190304 through 20200507 Description: The issue is related to incorrect default permission settings in the guest-oslogin feature of Google Cloud OS. This allows an attacker to escalate privileges to roo...

9.3CVSS7.9AI score0.00353EPSS
Exploits3References30
threatpost
threatpost
added 2020/06/15 3:36 p.m.100 views

'Lamphone' Hack Uses Lightbulb Vibrations to Eavesdrop on Homes

Researchers have discovered a novel way to spy on conversations that are happening in houses from almost a hundred feet away. The hack stems simply from a lightbulb hanging in the home. The hack, dubbed “lamphone,” is performed by analyzing the tiny vibrations of a hanging lightbulb, which are...

7.2AI score
Exploits0References9
ptsecurity
ptsecurity
added 2020/06/10 12:0 a.m.9 views

PT-2020-13247 · Hashicorp +1 · Hashicorp Vault +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.4.0 through 1.4.1 Description: The issue arises when HashiCorp Vault and Vault Enterprise are configured with the GCP Secrets Engine, potentially leading to the incorrect generation of GCP...

9.8CVSS7.2AI score0.01522EPSS
Exploits0References11
ubuntu
ubuntu
added 2020/05/28 8:20 p.m.210 views

USN-4363-1: Linux kernel vulnerabilities

It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-11494 It was discovered that the linux kernel did not properly validate certain mount options to the...

7.8CVSS6.4AI score0.00722EPSS
Exploits0
ubuntu
ubuntu
added 2020/05/24 2:16 a.m.199 views

USN-4367-1: Linux kernel vulnerabilities

It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service system crash. CVE-2019-19377 It was...

7.8CVSS6.4AI score0.034EPSS
Exploits2
threatpost
threatpost
added 2020/05/21 12:0 p.m.58 views

Crooks Tap Google Firebase in Fresh Phishing Tactic

A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways. Google Firebase is a mobile and web application development platfor...

7.2AI score
Exploits0References7
carbonblack
carbonblack
added 2020/05/13 12:0 p.m.82 views

VMware Launches Next-Gen SOC Alliance with Splunk, IBM Security, Google Cloud’s Chronicle, Exabeam, and Sumo Logic

Today at Connect 2020, our company's annul cybersecurity conference, we made some exciting announcements, including the creation of a Next-Gen SOC Alliance. The alliance empowers SOC teams with visibility, prevention, detection and response capabilities that can uniquely leverage the VMware fabri...

0.9AI score
Exploits0
veeam
veeam
added 2020/05/12 12:0 a.m.21 views

Google Cloud VMware Engine (GCVE) Support Statement

Support Statement Google Cloud VMware Engine GCVE is a fully compliant and certified full-stack cloud infrastructure sold and supported by Google. You can natively deploy VMware vSphere-based workloads in a dedicated Software-Defined Data Center SDDC on Google Cloud and utilize the same...

6.8AI score
Exploits0Affected Software1
rhino
rhino
added 2020/05/05 6:0 p.m.37 views

Privilege Escalation in Google Cloud Platform – Part 2 (Non-IAM)

The post Privilege Escalation in Google Cloud Platform - Part 2 Non-IAM appeared first on Rhino Security Labs...

3.1AI score
Exploits0
rhino
rhino
added 2020/05/05 3:20 p.m.31 views

Privilege Escalation in Google Cloud Platform – Part 1 (IAM)

The post Privilege Escalation in Google Cloud Platform - Part 1 IAM appeared first on Rhino Security Labs...

3.9AI score
Exploits0
osv
osv
added 2020/04/24 7:15 p.m.2 views

CVE-2020-7134

A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP versions: 1.4.0, 1.4.1, 1.4.2, 1.2.4.2...

6.5CVSS6.7AI score
Exploits0References1
osv
osv
added 2020/04/24 7:15 p.m.6 views

CVE-2020-7133

A unauthorized remote access vulnerability was discovered in HPE IOT + GCP versions: 1.4.0, 1.4.1, 1.4.2, 1.2.4.2...

9.8CVSS7.3AI score0.01748EPSS
Exploits0References1
kitploit
kitploit
added 2020/04/11 12:30 p.m.269 views

Serverless Prey - Serverless Functions For Establishing Reverse Shells To Lambda, Azure Functions, And Google Cloud Functions

Serverless Prey is a collection of serverless functions FaaS, that, once launched to a cloud environment and invoked, establish a TCP reverse shell, enabling the user to introspect the underlying container: Panther: AWS Lambda written in Node.js Cougar: Azure Function written in C Cheetah: Google...

7.4AI score
Exploits0References6
Rows per page
Query Builder