2272 matches found
Gentoo net-im/jabberd2 elevation of privilege vulnerability
The Gentoo net-im/jabberd2 package is an XMPP (Extensible Messaging and Presence Protocol) package from the Gentoo Foundation. A security vulnerability exists in the Gentoo net-im/jabberd2 package version 2.6.1 and earlier. A local attacker can exploit the vulnerability to terminate arbitrary...
CVE-2018-6080
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes...
Blast from the past: stowaway Virut delivered with Chinese DDoS bot
Recently, we described an unusual Chinese drive-by attack that was delivering a variant of the Avzhan DDoS bot. The attack also contained multiple components that were not-so-new. Among the exploits, the newest was from 2016. Avzhan is also not a recent malware—the compilation timestamp of the...
VIDEO: Unfiltered Endpoint Data – A Platform For Consolidated Endpoint Management
A PLATFORM FOR CONSOLIDATED ENDPOINT MANAGEMENT In our last post of this series, we talked about the key to better endpoint threat detection. It’s all about the data you collect. Across the board, endpoint security solutions use pre-defined signatures or rules to detect threats — only conducting...
CVE-2017-10271 Used to Deliver CryptoMiners: An Overview of Techniques Used Post-Exploitation and Pre-Mining
Introduction FireEye researchers recently observed threat actors abusing CVE-2017-10271 to deliver various cryptocurrency miners. CVE-2017-10271 is a known input validation vulnerability that exists in the WebLogic Server Security Service (WLS Security) in Oracle WebLogic Server versions 12.2.1.2.0...
Debian: Security Advisory (DLA-1069-1)
The remote host is missing an update for the Debian...
CVE-2018-6536
An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script...
Design/Logic Flaw
An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script...
DEBIAN-CVE-2017-15132
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to...
ALPINE-CVE-2017-15132
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to...
Unspecified Vulnerability in Pipeline: Nodes and Processes Plugin
Pipeline: Nodes and Processes is a node and process plugin for use in Jenkins. A security vulnerability exists in Pipeline: Nodes and Processes plugin version 2.17 and earlier, which stems from the program failing to properly check permissions. No information about this vulnerability is availabl...
UBUNTU-CVE-2017-15132
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to...
CVE-2018-1000015
On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline node blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes...
How to Fix a Mac That’s Running Slow
Every device sooner or later begins to run slower and slower. Even the Mac, which is a highly-efficient Apple product, starts to slow down and becomes a real pain to use over time. If you are a heavy Mac user this is especially true and you are more likely to experience performance issues. There...
CVE-2018-1000015
CVE-2018-1000015 affects Jenkins with the Authorize Project plugin where authentication for a build may lack Computer/Build permission on some agents. The vulnerability arises from incorrect permission checks in Pipeline: Nodes and Processes plugin versions 2.17 and earlier, which allowed executi...
A coin miner with a “Heaven’s Gate”
You might call the last two years the years of ransomware. Ransomware was, without a doubt, the most popular type of malware. But at the end of last year, we started observing that ransomware was losing its popularity to coin miners. It is very much possible that this trend will grow as 2018...
Command injection
lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes...