Mercedes-Benz HERMES Certification Bypass Vulnerability (CNVD-2021-17722)
Mercedes-Benz HERMES is a telematics control unit equipped in Mercedes-Benz connected vehicles. An authentication bypass vulnerability exists in the debug interface in Mercedes-Benz HERMES 1. An attacker with physical access to the device hardware could exploit this vulnerability to obtain system...
CVE-2020-25165
BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier. The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the ...
Authentication flaw
BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier. The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the ...
CVE-2020-25165
CVE-2020-25165 affects BD Alaris PC Unit Model 8015 and BD Alaris Systems Manager (versions 4.33 and earlier). The issue is a network session authentication vulnerability in the authentication process between these components that could be exploited to perform a denial-of-service by modifying dat...
Querying Windows Event Logs for Faster Investigation and Response
With this week’s release on the VMware Carbon Black Cloud, users can now remotely inspect Windows devices’ event logs to pull back information that could be helpful during an investigation or response scenario. This new capability comes as part of an update to the Live Query functionality provide...
BD Alaris 8015 PC Unit and BD Alaris Systems Manager
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Becton, Dickinson and Company BD Equipment: BD Alaris 8015 PC Unit and BD Alaris Systems Manager Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this...
hw: Fast forward store predictor
A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU...
OPENSUSE-SU-2020:1868-1 Security update for salt
This update for salt fixes the following issues: - Avoid regression on 'salt-master': set passphrase for salt-ssh keys to empty string bsc1178485 - Properly validate eauth credentials and tokens on SSH calls made by Salt API bsc1178319, bsc1178362, bsc1178361, CVE-2020-25592, CVE-2020-17490,...
SUSE-SU-2020:3245-1 Security update for Salt
This update fixes the following issues: salt: - Fix disk.blkid to avoid unexpected keyword argument 'pubuser' bsc1177867 - Ensure virt.update stoponreboot is updated with its default value - Do not break package building for systemd OSes - Drop wrong mock from chroot unit test - Support systemd...
CVE-2020-22552
In the Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with the COTP protocol last-data-unit flag set to No and S7 writes a var function, the Snap7 server will crash...
Code injection
In the Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with the COTP protocol last-data-unit flag set to No and S7 writes a var function, the Snap7 server will crash...
PT-2020-15480 · Snap7 · Snap7
Name of the Vulnerable Software and Affected Versions: Snap7 version 1.4.1 Description: The issue occurs when an attacker sends a crafted packet using the COTP protocol with the last-data-unit flag set to No, and the S7 function writes a variable. This results in the Snap7 server crashing...
ALPINE-CVE-2020-27670
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated...
UBUNTU-CVE-2020-27671
An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled...
UBUNTU-CVE-2020-27670
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated...
U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks
The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses. The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU), ha...
CVE-2020-0420
In setUpdatableDriverPath of GpuService.cpp, there is a possible memory corruption due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
systemd security and bug fix update
219-78.0.1 - Backport upstream patches related to private-tmp Sushmita Bhattacharya Orabug: 31561883 - backport upstream pstore tmpfiles patch Eric DeVolder Orabug: 31414539 - udev rules: fix memory hot add and remove Orabug: 31309730 - enable and start the pstore service Orabug: 30950903 - fix t...
Black-T Malware Emerges From Cryptojacker Group TeamTNT
Researchers have discovered the latest cryptojacking malware gambit from TeamTNT, called Black-T. The variant builds on the group’s typical approach, with a few new — and sophisticated — extras. TeamTNT is known for its targeting of Amazon Web Services (AWS) credentials, to break into the cloud and...