Detect Unauthorized Processes Making Changes in Your Environment with Qualys File Integrity Monitoring

With the average cost of a data breach exceeding $3.5 million as per Cost of a Data Breach Report, almost all organizations these days adopt stringent policies in order to safeguard their confidential business and customer information. Strong RBAC-driven systems have certainly made it difficult f...

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2019-1462)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ALPINE-CVE-2019-14907

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP...

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

Indicator of Compromise Scanner for CVE-2019-19781 This repos...

CVE-2019-15625

A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information...

CVE-2019-15625

A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information...

Quick Wins to Combat Data Leaks

Data leakage is a worry. Holding lots of sensitive information about your employees and your customers means that if data is exposed it would be a catastrophe. No one wants to be the next Mossack Fonseca, or Equifax, or Marriott Hotel, or Facebook, or… The majority of clients I speak to tell me...

The vulnerability of the mysql-gui-tools package (including mysql-query-browser and mysql-admin) arises from the storage of user credentials in an unencrypted form, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the mysql-gui-tools package including mysql-query-browser and mysql-admin is related to the storage of user credentials in an unencrypted form. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through the list of runni...

Security Bulletin: Vulnerabilities CVE-2018-5407 and CVE-2018-0734 in OpenSSL affect IBM i

Summary OpenSSL is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive information, caused by execution engine sharing on...

EulerOS 2.0 SP3 : systemd (EulerOS-SA-2019-2671)

According to the version of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an...

Linux kernel input validation error vulnerability (CNVD-2020-00265)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An input validation error vulnerability exists in Linux kernel version 5.2.14 and earlier. The vulnerability arises from a networked system or product that does not...

(0Day) Linux Kernel proc stat Improper Access Control Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the logi...

Fedora Local Elevation of Privilege Vulnerability

Fedora is a set of Linux operating systems from the Fedora community. A security vulnerability exists in mom in Fedora. A local attacker can exploit this vulnerability to edit the PID file and terminate other processes...

Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: Stack corruption due to incorrect number of arguments in WebRTC code. CVE-2019-13722 Buffer overflow in plain text serializer. CVE-2019-17005 Use-after-free in worker destruction. CVE-2019-17008 Updater temporary files accessible to...

Memory Leak

mongoose is vulnerable to memory leaks. Remote attackers could cause crash the application due to $versionError not being deleted which would lead to processes running out of memory...

Insights from one year of tracking a polymorphic threat

A little over a year ago, in October 2018, our polymorphic outbreak monitoring system detected a large surge in reports, indicating that a large-scale campaign was unfolding. We observed as the new threat attempted to deploy files that changed every 20-30 minutes on thousands of devices. We gave...

openSUSE Security Update : java-11-openjdk (openSUSE-2019-2557)

This update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues : Security issues fixed October 2019 CPU bsc1154212: - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Bett...

CVE-2012-6136

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes...

Code injection

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes...

CVE-2012-6136

CVE-2012-6136 affects the Linux tuned daemon (e.g., tuned 2.10.0) where the PID file is created with insecure permissions, enabling local users to kill arbitrary processes. Technical details across multiple advisories (SUSE, Debian/Ubuntu, Red Hat) confirm the same root cause and impact. Remediat...