HashiCorp Nomad and Nomad Enterprise up to Security Breach
HashiCorp Nomad and HashiCorp Nomad Enterprise are both products of HashiCorp, Inc. HashiCorp Nomad is a distributed, data center-aware cluster and application scheduler. It supports the deployment of microservices, batch, containerized and non-containerized applications. HashiCorp Nomad Enterprise...
SharpEDRChecker - Checks Running Processes, Process Metadata, DLLs Loaded Into Your Current Process And The Each DLLs Metadata, Common Install Directories, Installed Services And Each Service Binaries Metadata, Installed Drivers And Each Drivers Metadata, All For The Presence Of Known Defensive Products Such As AV's, EDR's And Logging Tools
New and improved C# Implementation of Invoke-EDRChecker. Checks running processes, process metadata, DLLs loaded into your current process and each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for...
IBM Planning Analytics Information Disclosure Vulnerability (CNVD-2021-06944)
IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in IBM Planning Analytics version 2.0 that allows web pages to be...
Debian DSA-4830-1 : flatpak - security update
Simon McVittie discovered a bug in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). The Flatpak portal D-Bus service (flatpak-portal, also known by its D-Bus service name org.freedesktop.portal.Flatpak) allows apps in a...
Huawei Smartphone Buffer Error Vulnerability
Huawei EMUI is an Android-based mobile operating system from China's Huawei. Honor Magic UI is an Android-based mobile operating system from China's Honor. A buffer error vulnerability exists in Huawei smartphones, which can be exploited by an attacker to make application processes abnormal...
Microsoft Skype Authorization Issues Vulnerability
Microsoft Skype is a communication application from Microsoft USA. The program provides video calls and voice calls to other devices over the Internet for computers and mobile devices such as cell phones. A security vulnerability exists in Microsoft Skype through 8.59.0.77 on macOS that allows...
Security Bulletin: Communication between burst buffer processes not properly secured
Summary: The bbProxy and bbServer processes did not properly use SSL send/receive primitives to communicate across the internal networks. Vulnerability Details: Third Party Entry: PSIRT-ADV0023982; DESCRIPTION: Created from Advisory: ADV0023982; CVSS Base score: 5.3; CVSS Vector:...
Command Execution Vulnerability in Hua An Securities Hui Win pc Software
Hua An Securities Hui Win pc version is a stock financial terminal newly launched by Hua An Securities. Huaan Securities Hui Win pc software has a command execution vulnerability, which can be exploited by attackers to inject executable DLL files into client processes and execute arbitrary...
pentest-wiki
This repository is an information gathering library for penetration testers and researchers, containing various tools and documentation for gathering information about a target organization. The repository includes scripts and guides for performing whois searches, querying whois databases, and...
PT-2020-6443 · Qualcomm · Qualcomm Snapdragon Wearables +7
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto: affected versions not specified; Qualcomm Snapdragon Compute: affected versions not specified; Qualcomm Snapdragon Connectivity: affected versions not specified; Qualcomm Snapdragon Consumer IOT: affected versions not...
VulnCheck KEV: CVE-2021-1905
Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously...
Palo Alto Networks PAN-OS 8.1.x < 8.1.16 / 9.0.x < 9.0.10 / 9.1.x < 9.1.4 / 10.0.x < 10.0.1 Command Injection Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.16 or 9.0.x prior to 9.0.10 or 9.1.x prior to 9.1.4 or 10.0.x prior to 10.0.1. It is, therefore, affected by a vulnerability. - An OS command injection and memory corruption vulnerability in the PAN-OS...
CVE-2020-2000
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than...
Memory corruption
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than...
CVE-2020-2000 PAN-OS: OS command injection and memory corruption vulnerability
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than...
CVE-2020-2000
CVE-2020-2000 is a command-injection and memory-corruption vulnerability in Palo Alto Networks PAN-OS management web interface. The issue affects PAN-OS versions prior to fixed releases: 8.1.16, 9.0.10, 9.1.4, and 10.0.1. It requires authenticated administrators and can disrupt system processes a...
PAN-OS: OS command injection and memory corruption vulnerability
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. Work around: Until PAN-OS software is upgraded to a...
2020 Was a Secure Election
Over at Lawfare: "2020 Is An Election Security Success Story So Far." What’s more, the voting itself was remarkably smooth. It was only a few months ago that professionals and analysts who monitor election administration were alarmed at how badly unprepared the country was for voting during a...
squid: Information Disclosure issue in FTP Gateway
A flaw was found in squid. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes...
Security update for icinga2 (moderate)
openSUSE Security Update: Security update for icinga2; Announcement ID: openSUSE-SU-2020:1820-1; Rating: moderate; References: 1159869 1172171 1174075; Cross-References: CVE-2020-14004; Affected Products: openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Backports SLE-15-SP2, openSUSE Backports SLE-15-SP1...