CVE-2020-11668

In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.

Performing deception to OS Fingerprint (Part 1: nmap), (Sat, Mar 28th)

How can you know which operating system is running on a specific remote host? The technique that answers this question is operating system fingerprinting: a specific set of packets is sent to the remote host and its behavior is observed. Each operating system responds differently, which allows it […]

CVE-2020-7922

X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates, are unaffected.

CVE-2018-21034

In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.

CVE-2020-11000

GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL parsing to verify that a given URL is pointing to a trusted server may be susceptible to many different ways to get URL parsing and verification wrong, which allows an attacker to circumvent the access control. This problem has been patched in […]

CVE-2018-21086

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018).
