7764 matches found
MiniDVBLinux 5.4 Arbitrary File Read
#!/usr/bin/env python3 MiniDVBLinux 5.4 Arbitrary File Read Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Vide...
MiniDVBLinux 5.4 Arbitrary File Read Exploit
#!/usr/bin/env python3 MiniDVBLinux 5.4 Arbitrary File Read Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Vide...
New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems
A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payloa...
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
Overview: On September 10, 2022, a user reported on Zimbra's official forums that their team detected a security incident originating from a fully patched instance of Zimbra. The details they provided allowed Zimbra to confirm that an unknown vulnerability allowed attackers to upload arbitrary file...
PT-2022-6650 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 21.2 prior to 21.2R3-S1 Juniper Networks Junos OS versions 21.3 prior to 21.3R2-S2, 21.3R3 Juniper Networks Junos OS versions 21.4 prior to 21.4R2-S1, 21.4R3 Juniper Networks Junos OS versions 22.1 prior to...
The vulnerability of the application for automatic capture, processing, management, and distribution of Opencast videos, related to the use of files and directories accessible to external parties, allows a violator to gain unauthorized access to protected information.
The vulnerability of the application for automatic capture, processing, management, and distribution of Opencast videos involves the use of files and directories accessible to external parties. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized...
PYSEC-2022-43040
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...
Democritus Project Code Issue Vulnerability
Democritus Project is a collection of simple, effective, modular, fully tested and well-documented features from Democritus. A security vulnerability exists in Democritus Project d8s-pdfs that originates from the distribution of the package containing a potential code execution backdoor inserted ...
Ubuntu: Security Advisory (USN-5651-1)
The remote host is missing an update for the...
USN-5651-2 strongswan vulnerability
USN-5651-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and CRL distribution points (CDP) in certificate...
USN-5651-1 strongswan vulnerability
Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and CRL distribution points (CDP) in certificates. A remote attacker could possibly use this issue to initiate IKE_SAs and send crafted certificates that contain URIs pointing to servers under their control, which...
Aruba Networks ArubaOS and InstantOS Command Execution Vulnerabilities
ArubaOS is the network operating system for Aruba Mobility Controllers, Mobility Masters, and controller-managed Access Points (APs). InstantOS is an Arch Linux-based distribution. A command execution vulnerability exists in Aruba Networks ArubaOS and InstantOS. The vulnerability stems from the...
Aruba Networks ArubaOS and Instant PAPI Protocol Buffer Overflow Vulnerability
ArubaOS is the network operating system for Aruba Mobility Controllers, Mobility Masters, and controller-managed access points (APs). InstantOS is an Arch Linux-based distribution. The Aruba Networks ArubaOS and Instant PAPI protocols are vulnerable to a buff...
[SECURITY] [DSA 5243-1] lighttpd security update
Debian Security Advisory DSA-5243-1, https://www.debian.org/security/, Helmut Grohne, September 28, 2022, https://www.debian.org/security/faq ...
Cyber Criminals Using Quantum Builder Sold on Dark Web to Deliver Agent Tesla Malware
A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT). "This campaign features enhancements and a shift toward LNK (Windows shortcut) files when compared to similar attacks in the past," Zscaler ThreatLabz researchers Niraj...
The users can steal the Gobbler from the team
Lines of code Vulnerability details Impact In case mintReservedGobblers start minting let's say 20 for team + 20 for community And the loop on batchMint is now i == 3 Now Alice will invoke mintFromGoo to mint one Gobbler he will steal this Gobbler from the team address Proof of Concept Let’s say...
org.apache.pulsar:pulsar-server-distribution (>=2.8.0 <=2.8.3) potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-proxy (>=2.8.0 <=2.8.3)
org.apache.pulsar:pulsar-proxy MAVEN version =2.8.0, =2.8.0, =2.8.3 Source cves: CVE-2022-33682 Source advisory: OSV:GHSA-JVF3-MFXV-JCQR...
org.apache.pulsar:pulsar-server-distribution (>=2.9.0 <=2.9.2) potentially affected by CVE-2022-33683 via org.apache.pulsar:pulsar-proxy (>=2.9.0 <=2.9.2)
org.apache.pulsar:pulsar-proxy MAVEN version =2.9.0, =2.9.0, =2.9.2 Source cves: CVE-2022-33683 Source advisory: OSV:GHSA-J3QW-G67Q-7M64...
org.apache.pulsar:pulsar-server-distribution (>=2.9.0 <=2.9.2) potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-proxy (>=2.9.0 <=2.9.2)
org.apache.pulsar:pulsar-proxy MAVEN version =2.9.0, =2.9.0, =2.9.2 Source cves: CVE-2022-33682 Source advisory: OSV:GHSA-JVF3-MFXV-JCQR...
org.apache.pulsar:pulsar-server-distribution (=2.10.0) potentially affected by CVE-2022-33683 via org.apache.pulsar:pulsar-proxy (=2.10.0)
org.apache.pulsar:pulsar-proxy MAVEN version =2.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-proxy and may be impacted: - org.apache.pulsar:pulsar-server-distribution =2.10.0 Source cves: CVE-2022-33683 Source advisory:...