1194 matches found
USN-4325-1: Linux kernel vulnerabilities
It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service kernel memory exhaustion. CVE-2019-19046 Al Viro discovered that the vfs layer in the Linux...
USN-4324-1: Linux kernel vulnerabilities
Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory. CVE-2020-8428 Shijie Luo discovered that the ext4 file system...
Kubernetes: DoS for GCSArtifact.RealAll
Hi, I'm not be goot at english, if have anything don’t understand, please contact me. Thanks! Summary: attackers can control artifactName list make google storage client download large object cause denial of service. Component Version:...
CVE-2019-13171
Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handlin...
CVE-2019-13171
Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handlin...
CVE-2019-13171
Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handlin...
Stack overflow
Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handlin...
CVE-2019-13171
CVE-2019-13171 affects some Xerox printers (e.g., Phaser 3320) due to stack-based buffer overflows in the Google Cloud Print implementation. The root cause is insecure handling of the register parameters and an unchecked memcpy() size, which can allow an unauthenticated attacker to execute arbitr...
CVE-2019-13171
Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handlin...
$100K Paid Out for Google Cloud Shell Root Compromise
Google has awarded its inaugural annual top prize for the Google Cloud Platform GCP, for vulnerabilities found in the Google Cloud Shell. The find — a container escape that leads to host root access and the ability to use privileged containers — has earned $100,000 for Dutch researcher Wouter ter...
$100K Paid Out for Google Cloud Shell Root Compromise
Google has awarded its inaugural annual top prize for the Google Cloud Platform GCP, for vulnerabilities found in the Google Cloud Shell. The find — a container escape that leads to host root access and the ability to use privileged containers — has earned $100,000 for Dutch researcher Wouter ter...
Citrix Gateway Cache Overflow Vulnerability
Citrix Gateway is a customer-managed solution that can be deployed locally or on any public cloud, such as AWS, Azure or Google Cloud Platform. Citrix Gateway has a security vulnerability. An attacker can exploit the vulnerability to cache poisoning...
A Massive U.S. Property and Demographic Database Exposes 200 Million Records
More than 200 million records containing a wide range of property-related information on US residents were left exposed on a database that was accessible on the web without requiring any password or authentication. The exposed data — a mix of personal and demographic details — included the name,...
USN-4287-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. CVE-2019-14615 It was discovered that the Atheros 802.11ac wireless USB device driver in the...
ALPINE-CVE-2019-10217
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by nolog feature. Some of these fields in GCP modules are not set properly. serviceaccountcontents which is common class for all gcp modules is not setting nolog to True. Any sensitive data manage...
DEBIAN-CVE-2019-10217
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by nolog feature. Some of these fields in GCP modules are not set properly. serviceaccountcontents which is common class for all gcp modules is not setting nolog to True. Any sensitive data manage...
UBUNTU-CVE-2019-10217
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by nolog feature. Some of these fields in GCP modules are not set properly. serviceaccountcontents which is common class for all gcp modules is not setting nolog to True. Any sensitive data manage...
PYSEC-2019-3
A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensitive data should be set as such by nolog feature. Some of these fields in GCP modules are not set properly. serviceaccountcontents which is common class for all gcp modules is not setting nolog to True. Any sensitive data manage...
ScoutSuite - Multi-Cloud Security Auditing Tool
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of...
USN-4115-2: Linux kernel regression
USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue. We apologize for...