2272 matches found
hw: Vector Register Data Sampling
A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...
CVE-2020-14974
The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes even ones running as SYSTEM that hold a handle, via IOCTL code 0x222124...
Code injection
The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes even ones running as SYSTEM that hold a handle, via IOCTL code 0x222124...
CVE-2020-14974
The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes even ones running as SYSTEM that hold a handle, via IOCTL code 0x222124...
Barracuda and Microsoft: Securing applications in public cloud
This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. Barracuda Cloud Application Protection CAP platform features integrations with Microsoft Azure Active Directory Azure AD and Azure Security Center. A component of CAP,...
wildfly: Race condition on PID file allows for termination of arbitrary processes by local users
A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root...
Input validation
In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
PAN-OS: Buffer overflow in authd authentication response
A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. Work around: This issue affects the management interface of PAN-OS and you can mitiga...
hw: Vector Register Data Sampling
A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...
hw: Vector Register Data Sampling
A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...
hw: Vector Register Data Sampling
A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...
Code injection
An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions...
CVE-2020-9842
An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions...
Linux: Get running services
A service is a process or group of processes commonly known as daemons running continuously in the background, waiting for requests to come in especially from clients. Note: This script only stores information for other Policy Controls. SPDX-FileCopyrightText: 2020 Greenbone AG Some text...
A new way to manage supply chain risk – Introducing the AICPA SOC for Supply Chain report
With the continuation of its System and Organization Controls SOC suite of services SOC 2®, SOC for Cybersecurity, etc., the American Institute of Certified Public Accountants AICPA has released a new report format that focuses on manufacturing and distribution supply chains. The AICPAs SOC for...
DoubleGun Group Builds Massive Botnet Using Cloud Services
An operation from the China-based cybercrime gang known as DoubleGun Group has been disrupted, which had amassed hundreds of thousands of bots that were controlled via public cloud services, including Alibaba and Baidu Tieba. NetLab 360 researchers, in a recent posting, said that it noticed DNS...
CVE-2020-12388
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox ESR 68.8 and Firefox 76...
CVE-2020-12389
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox ESR 68.8 and Firefox 76...
CVE-2020-12388
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox ESR 68.8 and Firefox 76...
Design/Logic Flaw
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox ESR 68.8 and Firefox 76...