2272 matches found

Cvelist
added 2020/11/12 12:5 a.m., 18 views

CVE-2020-2000 PAN-OS: OS command injection and memory corruption vulnerability

An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than...

CVSS 7.2 | AI score 7.6 | EPSS 0.03226
Exploits 0 | References 1
CVE
added 2020/11/12 12:5 a.m., 113 views

CVE-2020-2000

CVE-2020-2000 is a command-injection and memory-corruption vulnerability in Palo Alto Networks PAN-OS management web interface. The issue affects PAN-OS versions prior to fixed releases: 8.1.16, 9.0.10, 9.1.4, and 10.0.1. It requires authenticated administrators and can disrupt system processes a...

CVSS 9 | AI score 7.6 | EPSS 0.03226
Exploits 0 | References 1 | Affected Software 1
Palo Alto Networks
added 2020/11/11 5:0 p.m., 79 views

PAN-OS: OS command injection and memory corruption vulnerability

An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. Work around: Until PAN-OS software is upgraded to a...

CVSS 7.2 | AI score 4.6 | EPSS 0.03226
Exploits 0 | References 1
Schneier on Security
added 2020/11/10 12:40 p.m., 21 views

2020 Was a Secure Election

Over at Lawfare: "2020 Is An Election Security Success Story So Far." What’s more, the voting itself was remarkably smooth. It was only a few months ago that professionals and analysts who monitor election administration were alarmed at how badly unprepared the country was for voting during a...

AI score 1.2
Exploits 0
RedHat Linux
added 2020/11/04 1:45 a.m., 38 views

squid: Information Disclosure issue in FTP Gateway

A flaw was found in squid. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes...

CVSS 7.5 | AI score 5.7 | EPSS 0.10493
Exploits 0 | References 5
OPENSUSE Linux
added 2020/11/03 12:0 a.m., 47 views

Security update for icinga2 (moderate)

openSUSE Security Update: Security update for icinga2 Announcement ID: openSUSE-SU-2020:1820-1 Rating: moderate References: 1159869 1172171 1174075 Cross-References: CVE-2020-14004 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP2 openSUSE Backports SLE-15-SP1...

CVSS 7.8 | AI score 7 | EPSS 0.00739
Exploits 1 | References 3
RedHat Linux
added 2020/10/26 11:22 a.m., 3 views

kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege

A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 7 | EPSS 0.01319
Exploits 1 | References 6
RedHat Linux
added 2020/10/26 11:16 a.m., 6 views

kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege

A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 7 | EPSS 0.01319
Exploits 1 | References 6
The Coalfire Blog
added 2020/10/23 7:5 p.m., 12 views

Managing Application Vulnerabilities Manually?

In spite of the fact that automation and application vulnerability resolution platforms like ThreadFix have existed for a decent length of time, we continue to see organizations that try to muscle ahead with their existing manual processes. We continue to be surprised that organizations manage...

AI score 0.9
Exploits 0
NVD
added 2020/10/21 2:15 p.m., 30 views

CVE-2020-10140

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths...

CVSS 7.8 | EPSS 0.00365
Exploits 0 | References 1
Prion
added 2020/10/21 2:15 p.m., 26 views

Code injection

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths...

CVSS 6.9 | AI score 7.5 | EPSS 0.00365
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/10/21 1:40 p.m., 33 views

CVE-2020-10140

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths...

CVSS 7.8 | AI score 7.8 | EPSS 0.00365
Exploits 0 | References 1
RedHat Linux
added 2020/10/20 9:2 a.m., 3 views

kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege

A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 7 | EPSS 0.01319
Exploits 1 | References 6
RedHat Linux
added 2020/10/20 8:52 a.m., 1 view

kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege

A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 7 | EPSS 0.01319
Exploits 1 | References 6
RedHat Linux
added 2020/10/20 8:41 a.m., 0 views

kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege

A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 | AI score 7 | EPSS 0.01319
Exploits 1 | References 6
BDU FSTEC
added 2020/10/15 12:0 a.m., 3 views

The vulnerability of the WildFly application server in Java, caused by synchronization errors when using a shared resource, allows attackers to terminate arbitrary processes in the system.

The vulnerability of the WildFly application server in Java is caused by synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to terminate arbitrary processes in the system by modifying the PID file located at /var/run/jboss-eap/...

CVSS 5.5 | AI score 6.2 | EPSS 0.0019
Exploits 0 | References 3 | Affected Software 2
OSV
added 2020/10/14 2:15 p.m., 2 views

CVE-2020-0412

In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

CVSS 3.3 | AI score 6.4
Exploits 0 | References 1
ATTACKERKB
added 2020/10/14 2:15 p.m., 0 views

CVE-2020-0412

In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

CVSS 3.3 | AI score 5.9 | EPSS 0.00153
Exploits 0 | References 2
CNVD
added 2020/10/09 12:0 a.m., 27 views

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability

Cisco IOS XR Software is an operating system developed by Cisco for its network devices. A memory exhaustion vulnerability exists in Cisco IOS XR Software DVMRP, which can be exploited by attackers to crash IGMP processes or cause memory exhaustion...

CVSS 8.6 | AI score 3.6 | EPSS 0.03293
Exploits 0 | References 1
OSV
added 2020/10/01 12:0 a.m., 41 views

ASB-A-160390416

In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 3.3 | AI score 3.5 | EPSS 0.00153
Exploits 0 | References 2