The complexity of modern information systems relies on a large number of applications that are necessary for the proper functioning of any company. So the task of keeping up with the threats is quite difficult. Updating systems is a basic task and has a great effect. But to do this, you need to know which vulnerabilities and threats might affect your business and properly decide how to prioritize the investment in Information Security.
We are always ready to help you in an efficient and reliable way.
In addition to the Vulnerability and Threat Intelligence service, we also provide access to the vulnerabilities discovered by Allele Security Intelligence’s research team through our Security Research service. We conduct research constantly and especially in applications that are essential for various types of industry. Your company will stay up to date with the latest vulnerabilities and threats that may affect your business.
Always being steps ahead
see Our latest security alerts
- ASA-2020-00039 – Linux kernel: SELinux netlink permission check bypass due to SELinux incorrectly assume that an skb would only contain a single netlink messageA flaw was found in the Linux kernels SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
- ASA-2020-00038 – Linux kernel: Memory corruption due to the lack of validation of an sk_family field in vhost subsystemIn the Linux kernel, get_raw_socket() in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
- ASA-2019-00658 – Linux kernel: Mounting a crafted btrfs filesystem image can lead to a use-after-free through syncfs system callMounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.
- ASA-2019-00657 – Linux kernel: Use-after-free vulnerability when deleting a file from a recently unmounted specially crafted ext4 filesystemA flaw was found in the Linux kernel’s ext4_unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted specially crafted ext4 filesystem, including local, USB, and iSCSI.
- ASA-2019-00656 – Intel: Improper conditions check in voltage settings for some Intel ProcessorsImproper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access.