2395 matches found

Positive Technologies
added 2021/07/29 12:0 a.m. · 8 views

PT-2021-4239 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.13.7 Description: The issue allows an unprivileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This occurs because a certain preempting sto...

9.8 CVSS · 6 AI score · 0.9427 EPSS
Exploits 338 · References 2137
OpenVAS
added 2021/07/27 12:0 a.m. · 37 views

Fedora: Security Advisory for kernel-headers (FEDORA-2021-07dc0b3eb1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8 CVSS · 8.2 AI score · 0.01783 EPSS
Exploits 6 · References 2
Hacker One
added 2021/07/25 5:37 a.m. · 79 views

HackerOne: Disclosure handle private program with external link

Summary: Hi team. It looks like we can identify private programs that have an external link Steps To Reproduce 1. http POST /graphql HTTP/1.1 Host: hackerone.com Connection: close Content-Length: 168 accept: / X-Auth-Token: yourtoken User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64...

7.1 AI score
Exploits 0
CNVD
added 2021/07/23 12:0 a.m. · 27 views

Apple macOS Big Sur Buffer Overflow Vulnerability (CNVD-2021-102841)

Apple macOS Big Sur is a mobile application app from Apple Inc. Apple macOS Big Sur is vulnerable to a buffer error that could be exploited by attackers to run specially crafted programs that trigger out-of-bounds writes and cause the system to unexpectedly terminate or write to kernel memory...

7.8 CVSS · 4.8 AI score · 0.00334 EPSS
Exploits 0 · References 1
Microsoft Secure
added 2021/07/22 6:0 p.m. · 45 views

How to protect your CAD data files with MIP and HALOCAD

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Computer-aided design (CAD) files are used by design professionals in the manufacturing, engineering, architecture, surveying, and construction industries. These highly valuable files...

6.5 AI score
Exploits 0
Fedora
added 2021/07/22 1:16 a.m. · 11 views

[SECURITY] Fedora 33 Update: kernel-headers-5.13.3-100.fc33

Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...

2.8 AI score
Exploits 0
Rapid7 Blog
added 2021/07/19 8:5 p.m. · 35 views

Rapid7 + XDR: Security that Moves as Fast as Your Business

Since launching InsightIDR almost six years ago, our mission has remained constant: make it possible for any security team to achieve fast, sophisticated threat detection and response programs that scale with their business. Making threat detection and response as agile and simple as possible...

6.9 AI score
Exploits 0
OSV
added 2021/07/16 9:15 p.m. · 0 views

CVE-2021-34481

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...

8.8 CVSS · 7.8 AI score · 0.21996 EPSS
Exploits 1 · References 1
Imperva Blog
added 2021/07/04 6:45 a.m. · 158 views

Compliance When Migrating to the Cloud: SQL Server Running on Azure vs. On-Premise

In the age of the data era, where data storage is increasing at an exponential rate and access to information is getting easier and faster, data security is a major concern. There are many cases where we can’t prevent people from accessing data, but we can track and investigate suspicious...

7.3 AI score
Exploits 0
NVD
added 2021/07/01 2:15 p.m. · 12 views

CVE-2021-27660

An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs...

8.8 CVSS · 0.01164 EPSS
Exploits 0 · References 2
OSV
added 2021/07/01 2:15 p.m. · 1 views

CVE-2021-27660

An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs...

8.8 CVSS · 5.9 AI score
Exploits 0 · References 2
Prion
added 2021/07/01 2:15 p.m. · 10 views

Design/Logic Flaw

An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs...

6.5 CVSS · 8.7 AI score · 0.01164 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2021/07/01 1:36 p.m. · 14 views

CVE-2021-27660 C-CURE 9000

An insecure client auto update feature in C-CURE 9000 can allow remote execution of lower privileged Windows programs...

8.8 CVSS · 8.9 AI score · 0.01164 EPSS
Exploits 0 · References 2
CVE
added 2021/07/01 1:36 p.m. · 84 views

CVE-2021-27660

CVE-2021-27660 affects Johnson Controls C-CURE 9000. The vulnerability arises from an insecure client auto-update feature (improper input validation CWE-20) that can enable remote execution of lower-privileged Windows programs. Impact is high (C/H/I/H/A/H) with network vector and low attack compl...

8.8 CVSS · 8.8 AI score · 0.01164 EPSS
Exploits 0 · References 2 · Affected Software 1
IBM Security Bulletins
added 2021/06/25 4:46 p.m. · 16 views

Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by security vulnerabilities (CVE-2016-2985 and CVE-2016-2984)

Summary: Security vulnerabilities have been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow: - a local attacker to execute commands as root by setting environment variables processed by setuid programs (CVE-2016-2985) - a local attacker to execute commands as root by...

7 CVSS · 1.3 AI score · 0.00039 EPSS
Exploits 0 · Affected Software 1
ThreatPost
added 2021/06/25 1:20 p.m. · 59 views

Hackers Crack Pirated Games with Cryptojacking Malware

A new Monero cryptojacking malware distributed via “cracked” versions of popular online games is wiping out antivirus programs (AVs) and surreptitiously mining cryptocurrency in more than a dozen countries, researchers have found. Dubbed “Crackonosh,” the malware — which has been active since June...

7.6 AI score
Exploits 0 · References 7
The Hacker News
added 2021/06/25 10:16 a.m. · 59 views

Crackonosh virus mined $2 million of Monero from 222,000 hacked computers

A previously undocumented Windows malware has infected over 222,000 systems worldwide since at least June 2018, yielding its developer no less than 9,000 Moneros ($2 million) in illegal profits. Dubbed "Crackonosh," the malware is distributed via illegal, cracked copies of popular software, only to...

2.1 AI score
Exploits 0
Amazon
added 2021/06/23 12:0 a.m. · 23 views

Medium: libX11

Issue Overview: A flaw was found in libX11. An integer overflow leading to a heap-buffer overflow occurs when setuid programs call XIM client functions while running with elevated privileges. The highest threat from this vulnerability are to data confidentiality and integrity as well as system...

6.7 CVSS · 7.9 AI score · 0.00162 EPSS
Exploits 0
CVE
added 2021/06/11 11:19 a.m. · 57 views

CVE-2021-3013

CVE-2021-3013 concerns ripgrep before version 13 on Windows, where the -z/--search-zip or --pre flags allow triggering execution of arbitrary programs from the current working directory. The connected data confirms this as a Windows-specific command-injection-style issue affecting ripgrep’s ZIP-s...

9.8 CVSS · 8.7 AI score · 0.00451 EPSS
Exploits 0 · References 2 · Affected Software 1
Kitploit
added 2021/06/09 12:30 p.m. · 180 views

Bbscope - Scope Gathering Tool For HackerOne, Bugcrowd, And Intigriti!

The ultimate scope gathering tool for HackerOne, Bugcrowd, and Intigriti by sw33tLie. Need to grep all the large scope domains that you've got on your bug bounty platforms? This is the right tool for the job. What about getting a list of android apps that you are allowed to test? We've got you...

7.1 AI score
Exploits 0 · References 5