PT-2021-6321 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to an elevation-of-privilege vulnerability in Windows Setup. It is caused by incorrect link resolution before accessing a file, which can allow an attacker to elevate...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Northwave Log4j CVE-2021-44228 checker Friday 10 December 202...

CVE-2021-43784 Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...

XC - A Small Reverse Shell For Linux And Windows

Netcat like reverse shell for Linux & Windows. Features Windows Usage: └ Shared Commands: !exit !upload uploads a file to the target !download downloads a file from the target !lfwd local portforwarding like ssh -L !rfwd remote portforwarding like ssh -R !lsfwd lists active forwards !rmfwd remove...

"Cannot complete request" when connecting to SAML enabled store externally in Multi-Domain environment

"Cannot complete request" error with SAML enabled store in Multi-Domain environment Two-way Trust is added for the two domains where Infrastructure servers StoreFront, Federated Authentication Server, etc. are in Domain A and Users are in Domain B that is two different domains. Azure AD is the...

GSD-2021-1002309 x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails

x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.5 by commit...

UVI-2021-1002309 x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails

x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.5 by commit...

GSD-2021-1002278 x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails

x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.82 by commit...

GSD-2021-1002258 x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails

x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.162 by commit...

UVI-2021-1002258 x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails

x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.162 by commit...

UVI-2021-1002246 x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails

x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.218 by commit...

GSD-2021-1002246 x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails

x86/hyperv: Fix NULL deref in sethvtscchangecb if Hyper-V setup fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.218 by commit...

Huawei HarmonyOS multi-user settings issue vulnerability

Huawei HarmonyOS is an operating system from Huawei, China. Huawei HarmonyOS is vulnerable to a multi-user setup issue. An attacker could exploit this vulnerability to compromise confidentiality...

Registry-Recon - Cobalt Strike Aggressor Script That Performs System/AV/EDR Recon

Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon. Author: Jess Hires Description As a red-team practitioner, we are often using tools that attempt to fingerprint details about a compromised system, preferably in the most stealthy way possible. Some of our usual tooling for this...

Kubernetes-Goat - Is A "Vulnerable By Design" Kubernetes Cluster. Designed To Be An Intentionally Vulnerable Cluster Environment To Learn And Practice Kubernetes Security

The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security. Refer tohttps://madhuakula.com/kubernetes-goat for the guide. Show us some Please feel free to send us a PR and show some Upcoming Training's and Sessions DEFCON DEMO...

NetworkManager security, bug fix, and enhancement update

1.32.10-4.0.1 - add connectivity check via Oracle servers Orabug: 32051972 - Disable the build of NetworkManager-config-connectivity- subpackage for 8.3 1:1.32.10-4 - revert unapproved patches part of 'cloud-setup' change rh 1977984 1:1.32.10-3 - preserve the IPv6 multicast route added by kernel ...

CVE-2021-1981

Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile...

CVE-2021-1981

CVE-2021-1981 involves a buffer over-read caused by an improper Bearer capability IE size check in MT setup requests from the network. It affects Qualcomm/Qualcomm closed‑source components used in Snapdragon platforms, including Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT...

Antilles 代码问题漏洞

Lenovo Antilles is an open-source infrastructure management software for high performance computing Hpc from Lenovo, China. A security vulnerability exists in versions of Antilles open-source software prior to 1.0.1, which stems from the non-existence of packages listed in requirements.txt in the...

kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c

A use after free flaw in the Linux kernel network block device NBD subsystem was found in the way user calls an ioctl NBDSETSOCK at a certain point during device setup...