You searched for privilege escalation | SC Media

Your search for privilege escalation returned 19 results

Active Filters

Click on a filter below to refine your search. Remove a filter to broaden your search.

Last 6 months remove

Your search for privilege escalation returned 19 results

Sort Results:

Relevant Recent
VMware advisory warns users to patch critical issue in product
Network Security, Security News, Vulnerabilities

VMware discloses important local privilege escalation bug found in 3 products

VMware’s latest security advisory discloses three vulnerabilities spread out among five products. The most significant of this trio is an “important” time-of-check time-of-use (TOCTOU) flaw in the service opener of Fusion, VMRC and Horizon Client that can be locally exploited to escalate privileges to root. Officially designated CVE-2020-3957, the bug was assigned a CVSSv3 base score of…
VMware advisory warns users to patch critical issue in product
Network Security, Security News, Vulnerabilities

VMware squashes critical code execution bug in hypervisors

VMware has updated its Workstation hosted hypervisor and Fusion software hypervisor, fixing a critical vulnerability that could be exploited to trigger arbitrary code execution or a denial of service condition. The virtualization and cloud computing software provider company also fixed two important privilege escalation flaws spread out between four of its products. Designated CVE-2020-3947, the most critical…
Network Security, Security News, Vulnerabilities

Patch Tuesday: Adobe eliminates four critical bugs

Adobe Systems on Patch Tuesday issued fixes for 13 vulnerabilities — four critical — spread out among five products, including Download Manager, ColdFusion, Genuine Service, Media Encoder and the Creative Cloud Desktop Application. Download Manager 2.0.0.518 for Windows contains a command injection flaw (CVE-2020-9688), that can cause arbitrary code execution. Discovered by researcher Dhiraj Mishra,…
Security News, Vulnerabilities

Adobe offers up a light Patch Tuesday for April

Adobe issued a mild batch of Patch Tuesday security update for April covering three products with all vulnerabilities being rated as important. ColdFusion 2016 and 2018 received patches for CVE-2020-3767, an insufficient input validation issue that can lead to an application-level DoS situation;  CVE-2020-3768 is a DLL search-order hijacking problem that can lead to Privilege…
Security News, Vulnerabilities

Drupal, Google and Cisco post security advisories

Batches of security advisories were rolled out by Drupal, Google and Cisco yesterday addressing a host of critical-rated issues for their products. Drupal addressed a critical vulnerability affecting Drupal 8.7 and 8.8. The issue is a Cross Site Scripting vulnerability in third-party libraries. An attacker that can create or edit content may be able to…
Cybercrime, Network Security, Security News, Vulnerabilities

Attackers are using exploit code for SMBGhost bug, CISA warns

Functioning point-of-concept exploit code now exists for the highly critical “SMBGhost” bug that Microsoft last March patched in its Server Message Block 3.1.1 (SMBv3) protocol, and attackers are taking advantage, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned, citing open-source reports. Designated CVE-2020-0796 and also known as EternalDarkness, the bug can result in…
Coronavirus, Events, Network Security, Security News, Vulnerabilities

Pwn2Own contest yields 13 bugs, as virtual format expands talent pool

Research teams at the Pwn2Own 2020 competition successfully exploited 13 software vulnerabilities this past week, including bugs found in products from Adobe, Apple, Microsoft, Oracle and Ubuntu. Participants earned $270,000 over the two-day event — the first Pwn2Own ever to be held virtually, as a measure to combat the rapid spread of the novel coronavirus.…
patch flaw vulnerability
Security News, Vulnerabilities

Adobe Patch Tuesday: Critical vulnerabilities in Flash Player, Framemaker patched

Adobe conducted a large-scale rollout of security updates for a variety of its products for February Patch Tuesday, including a critical patch for Flash Player that if exploited could result in arbitrary code execution in the context of the current user. Joining Adobe Flash Player in receiving security updates are Framemaker, Acrobat Reader and DC,…
Network Security, Security News, Vulnerabilities

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS EX software. Among the most series flaws is a privilege escalation vulnerability in the authorization controls of the IOx application hosting infrastructure in Cisco IOS XE…
InfoSec World 2020, Security News

Alsid’s Melber urges active directory protection to fend off new attack patterns

Enterprises that start concentrating on protecting the active directory will be doing themselves a huge favor, Derek Melber emphasized in his Tuesday afternoon InfoSec World 2020 session, “New Attack Patterns: Targeting the Keys to the Kingdom.” “The attackers are going directly after the core IAM (Identity and Access Management) for nearly 95 percent of the…
Next post in InfoSec World 2020