4110 matches found
cups: Local privilege escalation to root due to insecure environment variable handling
It was discovered that CUPS allows non-root users to pass environment variables to CUPS backends. Affected backends use attacker-controlled environment variables without proper sanitization. A local attacker, who is part of one of the groups specified in the SystemGroups directive, could use the...
Trickbot: A primer
By Chris Neal Executive Summary Trickbot remains one of the most sophisticated banking trojans in the landscape while constantly evolving. Highly modular, Trickbot can adapt to different environments with the help of its various modules. The group behind Trickbot has expanded their activities beyon...
Product update: Virtuozzo Automator 7.0 Update 2 Hotfix 9 (VA MN: 7.0.2-645, VA Agent: 7.0.2-364)
Hotfix 9 for Virtuozzo Automator 7.0.2 provides stability and usability fixes. Vulnerability id: PVA-35779 Virtuozzo Automator warns about low disk space on SSDs with storage cache and journals. Vulnerability id: PVA-37393 VA agent can fully load MDS on nodes with lots of containers on Virtuozzo...
Emerging APT Mounts Mass iPhone Surveillance Campaign
A recently discovered, mass-targeted watering-hole campaign has been aiming at Apple iPhone users in Hong Kong – infecting website visitors with a newly developed custom surveillance malware. The bad code – the work of a new APT called “TwoSail Junk” – is delivered via a multistage exploit chain...
Criminals hack Tupperware website with credit card skimmer
Update 2: A spokesperson for Tupperware has given a public statement to Alex Scroxton, Security Editor at ComputerWeekly. You can read it here. Update: Following our blog post, we continued to monitor the Tupperware website. As of 03/25 at 1:45 PM PT, we noticed that the malicious PNG file had be...
GitLab Input Validation Error Vulnerability (CNVD-2020-190200)
GitLab is a self-hosted Git repository management application built on Ruby on Rails by the US company GitLab. It provides access to a project's file contents, commit history, bug lists, and more. An input validation error vulnerability exists in GitLab...
CVE-2019-19029
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform...
PT-2020-10037 · Cloud Native Computing Foundation +1 · Harbor +1
Name of the Vulnerable Software and Affected Versions: Cloud Native Computing Foundation Harbor versions prior to 1.8.6 and 1.9.3 Description: The issue allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. This is a result of a flaw in the Cloud...
Moodle Information Disclosure Vulnerability (CNVD-2020-24680)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle. An attacker could exploit the vulnerability to view the grades of other groups of users...
Sapplica Sentrifugo Blind SQL Injection Vulnerability
Sentrifugo is an intuitive and easy-to-use open source human resource management system. Sapplica Sentrifugo 3.2 suffers from a blind SQL injection vulnerability. An attacker can exploit it to read sensitive information from the application's database via the...
Qi An Xin issues a high-risk vulnerability warning for Microsoft, with Win10 the main affected target - vulnerability warning - Heiba Security Network
Recently, the Qi An Xin Threat Intelligence Center released an announcement of a remote code execution vulnerability in the Microsoft Windows SMBv3 service. The notice states that on March 11 a foreign company published a summary of the vulnerabilities covered by Microsoft's recent security patches, which includes a threat level of...
CVE-2020-10088
GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level...
CVE-2020-10083
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied...
CVE-2020-10083
CVE-2020-10083 affects GitLab 12.7–12.8.1. The issue is described as insecure permissions where, under certain conditions involving groups, project authorization changes were not being applied. The root cause is related to failure to update project authorizations, which could impact the intended ...
CVE-2020-10083
Removed by vendor...