
2286 matches found

Rapid7 Blog
added 2021/05/07 6:5 p.m. | 38 views

The Evolution of DevOps in 2021

DevOps has long been a key tool in helping organizations reliably and rapidly deliver systems into production. While in the past, IT and software development teams suffered from lengthy processes and struggled to resolve incompatible priorities, now DevOps allows for easier collaboration, as well...

7.1 AI score
Exploits: 0

Prion
added 2021/05/07 9:15 a.m. | 29 views

Design/Logic Flaw

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

7.2 CVSS | 8 AI score | 0.0115 EPSS
Exploits: 0 | References: 1

Cvelist
added 2021/05/07 9:10 a.m. | 37 views

CVE-2021-1905

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

8.4 CVSS | 8.7 AI score | 0.0115 EPSS
Exploits: 0 | References: 1

Prion
added 2021/05/06 1:15 p.m. | 39 views

Design/Logic Flaw

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character...

7.2 CVSS | 8.6 AI score | 0.00379 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

AlpineLinux
added 2021/05/06 3:46 a.m. | 54 views

CVE-2020-28015

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character...

7.8 CVSS | 7.8 AI score | 0.00379 EPSS
Exploits: 1 | References: 1

Debian CVE
added 2021/05/06 3:46 a.m. | 26 views

CVE-2020-28015

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character...

7.8 CVSS | 8.1 AI score | 0.00379 EPSS
Exploits: 1

UbuntuCve
added 2021/05/04 1:30 p.m. | 34 views

CVE-2020-28015

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character...

7.8 CVSS | 7.1 AI score | 0.00379 EPSS
Exploits: 1 | References: 3

ThreatPost
added 2021/05/03 9:4 p.m. | 60 views

Scripps Cyberattack Causes Widespread Hospital Outages

Scripps Health, a hospital network based in San Diego, was hit by a cyberattack over the weekend, forcing some critical-care patients to be diverted, according to the San Diego Union-Tribune. Scripps acknowledged the attack in a statement but didn’t specify whether it was a ransomware incident...

Exploits: 0 | References: 10

AlmaLinux
added 2021/04/26 10:29 a.m. | 17 views

selinux-policy bug fix and enhancement update

The selinux-policy packages contain the rules that govern how confined processes run on the system. Bug Fixes and Enhancements: Slow listing of files owned by 'nobody' on nfs share with SELinux and 'filterusers' rhel-8.3.0.z BZ1947170...

2.2 AI score
Exploits: 0

CNVD
added 2021/04/23 12:0 a.m. | 4 views

Xiaomi Mobile Phone MIUI Information Disclosure Vulnerability

Xiaomi MIUI is a set of Android-based smartphone operating systems developed by China's Xiaomi Technology. An information disclosure vulnerability exists in Xiaomi Mobile Phone MIUI versions prior to 2021.01.26. The vulnerability can be exploited by an attacker to obtain a list of running...

5.5 CVSS | 6.2 AI score | 0.00663 EPSS
Exploits: 0 | References: 1

The Hacker News
added 2021/04/22 12:32 p.m. | 50 views

Cost of Account Unlocks, and Password Resets Add Up

There are many labor-intensive tasks that the IT service desk carries out on a daily basis. None as tedious and costly as resetting passwords. Modern IT service desks spend a significant amount of time both unlocking and resetting passwords for end-users. This issue has been exacerbated by the...

7.6 AI score
Exploits: 0

OpenVAS
added 2021/04/19 12:0 a.m. | 23 views

SUSE: Security Advisory (SUSE-SU-2018:2814-1)

The remote host is missing an update for the...

9.8 CVSS | 8.8 AI score | 0.0229 EPSS
Exploits: 0 | References: 16

CNNVD
added 2021/04/18 12:0 a.m. | 3 views

npm portkiller command injection vulnerability

npm Portkiller is an application from the American company npm. Provides a kill port function. Portkiller has a security vulnerability that can be exploited by an attacker to potentially execute arbitrary commands. This is due to the use of child processes to execute functions without input...

9.8 CVSS | 8.6 AI score | 0.01336 EPSS
Exploits: 1 | References: 3

CNNVD
added 2021/04/18 12:0 a.m. | 2 views

npm onion-oled-js command injection vulnerability

npm onion-oled-js is an application from the American company npm. A JS library is provided that exposes a collection of functions that wrap the oled-exp executable that controls the onion omega OLED display. A security vulnerability exists in onion-oled-js that can be exploited by an attacker to...

9.8 CVSS | 8.6 AI score | 0.02972 EPSS
Exploits: 1 | References: 3

CNNVD
added 2021/04/18 12:0 a.m. | 3 views

npm roar-pidusage command injection vulnerability

npm roar-pidusage is an application from the American company npm. It is used for cross-platform process cpu% and PID memory usage. roar-pidusage has a security vulnerability that can be exploited by an attacker to potentially execute arbitrary commands. This is due to the use of child processes ...

7.5 CVSS | 7.7 AI score | 0.01151 EPSS
Exploits: 1 | References: 3

CNNVD
added 2021/04/18 12:0 a.m. | 4 views

ps-visitor command injection vulnerability

npm ps-visitor is an application from npm, Inc. It provides Node.js access to the ps aux and kill commands. ps-visitor has a security vulnerability that can be exploited by an attacker to potentially execute arbitrary commands. This is due to the use of child processes to execute functions without input validation...

9.8 CVSS | 8.7 AI score | 0.01336 EPSS
Exploits: 1 | References: 3

Kitploit
added 2021/04/16 9:30 p.m. | 88 views

IRTriage - Incident Response Triage - Windows Evidence Collection For Forensic Analysis

Scripted collection of system information valuable to a Forensic Analyst. IRTriage will automatically "Run As ADMINISTRATOR" in all Windows versions except WinXP. The original source was Triage-ir v0.851, an AutoIt script written by Michael Ahrendt. Unfortunately Michael's last changes were posted...

7.1 AI score
Exploits: 0 | References: 2

OSV
added 2021/04/09 6:15 p.m. | 4 views

CVE-2021-25363

An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processes and delete some local files...

6.1 CVSS | 6.4 AI score | 0.00106 EPSS
Exploits: 0 | References: 2

Prion
added 2021/04/09 6:15 p.m. | 18 views

Improper access control

An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processes and delete some local files...

3.6 CVSS | 6.1 AI score | 0.00106 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/04/09 5:36 p.m. | 80 views

CVE-2021-25363

Summary: CVE-2021-25363 describes an improper access control in Samsung’s ActivityManagerService prior to the SMR APR-2021 Release 1, enabling untrusted applications to access running processes and delete local files. Affected scope (from provided sources): Samsung SMR (system patch package) prio...

6.8 CVSS | 6.1 AI score | 0.00106 EPSS
Exploits: 0 | References: 2 | Affected Software: 1