11 matches found
EUVD-2022-36040
Malicious code in bioql PyPI...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
Tenable Nessus Agent < 8.3.4 / 10.x < 10.1.4 Multiple Vulnerabilities (TNS-2022-17) (TNS-2022-13)
According to its self-reported version, the Tenable Nessus agent running on the remote host is prior to 8.3.4 or 10.x prior to 10.1.4. It is, therefore, affected by multiple vulnerabilities: - An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
Command injection
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
CVE-2022-32974
CVE-2022-32974 is confirmed in connected documents as affecting Tenable Nessus/Nessus Agent prior to specific versions. An authenticated attacker could read arbitrary files from the underlying OS via a crafted compliance audit file, without SSH credentials. Exploitation details and affected vers...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
Tenable Network Security Nessus Input Validation Error Vulnerability
Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security, USA. An input validation error vulnerability exists in Tenable Network Security Nessus Agent version 10.1.3 and earlier versions, which can be exploited by an authenticated attacker to re...
How to Be Resilient to Data Theft
Page Integrity Manager is now PCI compliant -- a strong starting point to harden your web applications. Compliance with the Payment Card Industry Data Security Standard PCI DSS is fundamental for any business that accepts payment cards or processes payment card data. Many financial services...
Why You Need a Database Audit Trail
Your ability to answer very detailed questions about what’s going on in your organization’s databases can make or break a compliance audit or security investigation. Aside from the obvious need for this information in the event of a breach, it’s also important because government, financial, and...