1895 matches found
CVE-2019-19750
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product...
PT-2019-15947 · Minerstat · Msos
Name of the Vulnerable Software and Affected Versions: minerstat msOS versions prior to 2019-10-23 Description: The issue is related to the lack of unique SSH keys for each instance of the product. This could potentially lead to security risks. Recommendations: For versions prior to 2019-10-23,...
How to Reset Password in Veeam Backup for AWS
Related User Guide Page Veeam Backup for AWS User Guide: Accessing Web UI from Workstation Challenge You may need to reset a password in Veeam Backup for AWS. Solution Make sure that the machine you are using for troubleshooting is in the list of allowed IP addresses in the Security Groups of you...
Veeam Backup for AWS Recovery/Migration Procedure
Purpose This article documents how to recover or migrate Veeam Backup for AWS data to a new instance. Solution Recommended Method Starting with Veeam Backup for AWS 5.0, Configuration Backup and Restore is available and is now the simplest way to restore/migrate. Performing Configuration Backup...
Design/Logic Flaw
The admin sys mode is now conditional and dedicated for the special case. By default, since email protected no instance container is launched with advanced capabilities not launched as root...
CVE-2012-6639
A privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data...
Privilege escalation
A privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data...
CVE-2012-6639
CVE-2012-6639 describes a privilege-elevation vulnerability in Cloud-init prior to 0.7.0. The issue occurs when requests to an untrusted system are made for EC2 instance data, allowing an attacker with network access to leverage low-privileged execution to gain higher privileges. The available co...
CVE-2012-6639
A privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data...
Design/Logic Flaw
Use after free issue in Xtra daemon shutdown due to static object instance getting freed from multiple places in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,...
Code injection
The network protocol of Blade Shadow through 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream...
Debian DLA-1988-1 : ampache security update
Several vulnerabilities were discovered in Ampache, a web-based audio file management system. CVE-2019-12385 A stored XSS exists in the localplay.php LocalPlay 'add instance' functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to...
GSA Bounty: Cache poisoning DoS to various TTS assets
I have recently come across a technique to force a Cloudfoundry app to return a HTTP 404 error when requesting any resource, which contains cache friendly headers. What this means is, if the Cloudfoundry app in question is behind a web cache like Cloudfront or Cloudflare etc, it will possibly sto...
U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] CVE-2018-2879 (padding oracle attack in the Oracle Access Manager) at https://█████████
Description We were able to identify CVE-2018-2879 in Oracle Access Manager, used on the https://██████ Link to the CVE: https://nvd.nist.gov/vuln/detail/CVE-2018-2879 This vulnerability is rated critical, and may allow unauthenticated attacker with network access via HTTP to compromise Oracle...
Qualys Vulnerability Signature Release 2.4.722-4 Oracle DB New Feature
The release of the Qualys Vulnerability Signature, version 2.4.722-4, includes changes for Oracle Database signatures. The 2.4.722-4 release is live as of October 11, 2019. Feature Highlights Oracle Database Signatures 2019 With the 2.4.722-4 release, Qualys Vulnerability Management extends its...
GNU Binutils Denial of Service Vulnerability (CNVD-2019-34651)
GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library used in GNU Binutils 2.32. A...
Service workers at TPAC
Last month we had a service worker meeting at the W3C TPAC conference in Fukuoka. For the first time in a few years, we focused on potential new features and behaviours. Here's a summary: Resurrection finally killed reg.unregister; If you unregister a service worker registration, it's removed fro...
CVE-2019-12675
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to...
Design/Logic Flaw
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to...
Design/Logic Flaw
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the host namespace. These vulnerabilities are due to...