AZL-6528 CVE-2020-35508 affecting package kernel for versions less than 5.10.78.1-1

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

DEBIAN-CVE-2020-35508

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

Cisco Access Point Software Arbitrary Code Execution Vulnerability

A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploi...

[SECURITY] Fedora 34 Update: libksysguard-5.21.3.1-1.fc34

KSysGuard library provides API to read and manage processes running on the system...

Akamai Launch Cohort 2 of Accelerator Program for Early-Stage Innovations in Water

Akamai Technologies India Pvt. Ltd. has chosen the grantees for Cohort 2 of Accelerator Program for Early-Stage Innovations in Water. The Accelerator Program enables grantees to ideate their technology-based solutions for water conservation. This year, two grantees -- SmartTerra and Jaljeevika --...

USN-4808-1: Tinyproxy vulnerability

It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service...

USN-4808-1 tinyproxy vulnerability

It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service...

Schneider Electric Interactive Graphical SCADA System Buffer Overflow Vulnerability (CNVD-2021-31178)

Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. A buffer overflow vulnerability exists in Interactive Graphical SCADA System IGSS Definition...

MGASA-2021-0123 Updated glib2.0 packages fix security vulnerabilities

Fix various instances within GLib where gmemdup was vulnerable to a silent integer truncation and heap overflow problem discovered by Kevin Backhouse, work by Philip Withnall 2319 Fix some issues with handling over-long invalid input when parsing for GDate !1824 Don't load GIO modules or parse...

AWS File Storage Security & Scanning Basics

Keep up with how each new AWS service affects the security posture of your applications and development processes...

Linux: special config may crash when trying to map foreign pages

ISSUE DESCRIPTION With CONFIGXENBALLOONMEMORYHOTPLUG disabled and CONFIGXENUNPOPULATEDALLOC enabled the Linux kernel will use guest physical addresses allocated via the ZONEDEVICE functionality for mapping foreign guest's pages. This will result in problems, as the p2m list will only cover the...

Apport 2.20 - Local Privilege Escalation

Exploit Title: Apport 2.20 - Local Privilege Escalation Date: 18/02/21 Exploit Author: Gr33nh4t Vendor Homepage: https://ubuntu.com/ Version: Apport: Ubuntu 20.10 - Before 2.20.11-0ubuntu50.5 Apport: Ubuntu 20.04 - Before 2.20.11-0ubuntu27.16 Apport: Ubuntu 18.04 - Before 2.20.9-0ubuntu7.23 Appor...

CVE-2020-27352

When generating the systemd service units for the docker snap and other similar snaps, snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading syst...

Leveraging the Cost Optimization Pillar for Well-Architected Environments

In this article, we will explore the Cost Optimization pillar of the AWS Well-Architected Framework, examining best practices for designing processes that make it possible to go to market and optimize costs early on...

Insecure Access Controls

HashiCorp Nomad and Nomad Enterprise uses insecure access controls. Exec and Java task drivers are able to access processes associated with other tasks on the same node...

flatpak: sandbox escape via spawn portal

A flaw was found in Flatpak. The Flatpak portal D-Bus service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the flatpak run command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set...

Uroboros - A GNU/Linux Monitoring And Profiling Tool Focused On Single Processes

Uroboros is a GNU/Linux monitoring tool focused on single processes. While utilities like top, ps and htop provide great overall details, they often lack useful temporal representation for specific processes, such visual representation of the process data points can be used to profile, debug and...

selinux-policy bug fix and enhancement update

The selinux-policy packages contain the rules that govern how confined processes run on the system. Bug Fixes and Enhancements: SELinux is preventing systemd-sleep from 'read' accesses on the file swap in EC2 Hibernate BZ1890884...

CVE-2021-3283

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3...

Denial of service

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3...