wildfly: Race condition on PID file allows for termination of arbitrary processes by local users

A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root...

wildfly: Race condition on PID file allows for termination of arbitrary processes by local users

A flaw was discovered in wildfly that would allow local users, who are able to execute init.d script, to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root...

Fedora Update for polkit FEDORA-2019-e957cecffd

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2019-3805

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate a...

CVE-2019-3805

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate a...

Design/Logic Flaw

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate a...

CVE-2019-3805

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate a...

VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation Exploit

Exploit for windows platform in category local exploits VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host doesn’t secure its COM interface leading...

CVE-2019-2633

Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite subcomponent: Messages. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows low privileged attacker with network...

CVE-2018-16878

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS...

CVE-2018-16878

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS...

Dolby DAX2 API Denial of Service - Lenovo Support US

No description provided...

[SECURITY] Fedora 30 Update: gnome-system-monitor-3.32.1-2.fc30

gnome-system-monitor allows to graphically view and manipulate the running processes on your system. It also provides an overview of available resourc es such as CPU and memory...

CVE-2018-4004

An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit...

CVE-2018-16878

A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS...

PT-2019-10744 · Feingeist · Shimo Vpn

Name of the Vulnerable Software and Affected Versions: Shimo VPN version 4.1.5.1 Description: A privilege escalation issue exists in the helper service, specifically in the disconnectService functionality. This allows a non-root user to kill any privileged process on the system. An attacker needs...

Ancestry: On the Vanguard of DevOps Security

Grant Johnson, Ancestry's Director, Risk & Compliance This is a guest post by Grant Johnson, Director, Risk & Compliance at Ancestry Over the past two years, Ancestry moved its entire applications and data infrastructure from local data centers to Amazon’s cloud, and this required a new approach...

TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping

Overview FireEye can now confirm that we have uncovered and are responding to an additional intrusion by the attacker behind TRITON at a different critical infrastructure facility. In December 2017, FireEye publicly released our first analysis on the TRITON attack where malicious actors used the...

Code injection

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...