EUVD-2023-2917

Malicious code in bioql PyPI...

EUVD-2021-30699

Malicious code in bioql PyPI...

EUVD-2022-38815

Malicious code in bioql PyPI...

EUVD-2025-5367

Malicious code in bioql PyPI...

EUVD-2024-51921

Malicious code in bioql PyPI...

EUVD-2022-1918

Malicious code in bioql PyPI...

CVE-2023-53511

In the Linux kernel, the following vulnerability has been resolved: iouring: fix fget leak when fs don't support nowait buffered read Heming reported a BUG when using iouring doing link-cp on ocfs2. 1 Do the following steps can reproduce this BUG: mount -t ocfs2 /dev/vdc /mnt/ocfs2 cp testfile...

CVE-2022-50457

In the Linux kernel, the following vulnerability has been resolved: mtd: core: Fix refcount error in delmtddevice delmtddevice will call ofnodeput to mtdgetofnodemtd, which is mtd-dev.ofnode. However, memset&mtd-dev, 0 is called before ofnodeput. As the result, ofnodeput won't do anything in...

openvpn-devel -- script injection vulnerability from trusted but malicious server

Gert Doering reports: Notable changes beta1 - beta2 are: ... add proper input sanitation to DNS strings to prevent an attack coming from a trusted-but-malicous OpenVPN server CVE: 2025-10680, affects unixoid systems with --dns-updown scripts and windows using the built-in powershell call Lev...

at(1) Persistence

This module executes a metasploit payload utilizing at1 to execute jobs at a specific time. It should work out of the box with any UNIX-like operating system with atd running. Verified on Kali linux and OSX 13.7.4 Module Options msf use exploit/multi/persistence/at msf exploitat show targets...

OESA-2025-2153 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...

Linux Distros Unpatched Vulnerability : CVE-2020-26235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific...

Periodic Script Persistence

This module will achieve persistence by writing a script to the /etc/periodic directory. According to The Art of Mac Malware no such malware species persist in this manner 2024. This payload requires root privileges to run. This module can be run on BSD, OSX or Arch Linux. Module Options msf use...

Linux Distros Unpatched Vulnerability : CVE-2025-27148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can...

Linux Distros Unpatched Vulnerability : CVE-2021-21290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers &...

PT-2025-28647

Name of the Vulnerable Software and Affected Versions Git versions 2.43.7 through 2.50.1 Description Git contains a link following vulnerability stemming from inconsistent handling of carriage return characters in configuration files. This flaw allows attackers to execute arbitrary code via...

PHP Exec

Execute a PHP payload as an OS command from a Posix-compatible shell Module Options msf use payload/cmd/unix/php/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and...

CVE-2022-41954

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems not Windows or macos, MPXJ's use of File.createTempFile.. results in temporary files being created with the permissions -rw-r--r--. This means that any other...

CVE-2021-22572

On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other loc...

CVE-2021-21331

The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...