About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability

About Elevation of Privilege - Windows Task Scheduler CVE-2024-49039 vulnerability. It was released on November Microsoft Patch Tuesday and showed signs of exploitation in the wild right away. To exploit the vulnerability, an authenticated attacker runs a specially crafted application on the targ...

Starbucks Shifts to Manual Processes After Contractor Ransomware Attack

Ransomware attack cripples Starbucks operations, forcing the coffee giant to rely on manual processes for employee scheduling and…...

Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver BYOVD to disarm security protections and ultimately gain access to the infected system. "This malware takes a more sinister route: it drops a legitimate Avast...

mySCADA myPRO Manager OS Command Injection Vulnerability (CNVD-2024-46408)

mySCADA myPRO is a professional HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO Manager, which can be exploited by an attacker to inject arbitrary operating system commands...

mySCADA myPRO Manager Authorization Issues Vulnerability

mySCADA myPRO is a professional HMI/SCADA system designed primarily for the visualization and control of industrial processes. An authorization issue vulnerability exists in mySCADA myPRO Manager, which can be exploited by an attacker to submit a special request for unauthorized access to resourc...

Postgresql: role pg_signal_backend can signal certain superuser processes.

...

CVE-2017-9711

Certain unprivileged processes are able to perform IOCTL calls...

CVE-2017-9711 Permissions, Privileges, and Access Controls in Data

Certain unprivileged processes are able to perform IOCTL calls...

PT-2024-10609 · Qualcomm · Snapdragon +22

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows certain unprivileged processes to perform IOCTL calls. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

When Guardians Become Predators: How Malware Corrupts the Protectors

When Guardians Become Predators: How Malware Corrupts the Protectors By Trellix · November 20, 2024 This blog was also written by Trishaan Kalra Introduction We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is...

CVE-2018-9421

In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-10396

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to...

CVE-2024-10396 Fileserver crash and possible information leak on StoreACL/FetchACL

An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to...

PT-2024-16243 · Debian · Debian

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memor...

CVE-2024-51996 Symphony has an Authentication Bypass via RememberMe

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. Th...

cockpit: Authenticated user can kill any process when enabling pam_env's user_readenv option

A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pamenv's userreadenv option, which leads to a denial of service DoS attack...

CVE-2024-51736

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijackin...

CVE-2024-51513

Vulnerability of processes not being fully terminated in the VPN module Impact: Successful exploitation of this vulnerability will affect power consumption...

Mounting memory with MemProcFS for advanced memory forensics

Mounting memory? This changes everything! TL;DR Memory forensics is crucial for investigations, providing access to volatile data, like running processes and network connections. MemProcFS is a game-changer tool in memory forensics, allowing memory dumps to be mounted and browsed like file system...

CVE-2024-7475

CVE-2024-7475 describes an improper access control in lunary-ai/lunary 1.3.2 that lets an attacker update the SAML configuration without authorization. This could enable manipulation of authentication processes, fraudulent login requests, and theft of user information. Multiple connected sources ...