1001 matches found
MGASA-2023-0025 Updated sudo packages fix security vulnerability
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
Cypherhound - Terminal Application That Contains 260+ Neo4j Cyphers For BloodHound Data Sets
A Python3 terminal application that contains 260+ Neo4j cyphers for BloodHound data sets. Why? BloodHound is a staple tool for every red teamer. However, there are some negative side effects based on its design. I will cover the biggest pain points I've experienced and what this tool aims to...
OESA-2022-2146 sqlite security update
Security Fixes: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVE-2022-46908...
The vulnerability of the Cisco Software-Defined Application Visibility and Control (SD-AVC) function in the centralized network management system, the Cisco Catalyst SD-WAN Manager, allows an intruder to gain unauthorized access to the system.
The vulnerability of the Cisco Software-Defined Application Visibility and Control SD-AVC function in the centralized network management system, Cisco Catalyst SD-WAN Manager, is related to the lack of authentication for this critical function. Exploiting this vulnerability could allow a maliciou...
December 20, 2022—KB5022553 (OS Build 20348.1368) Out-of-band
December 20, 2022—KB5022553 OS Build 20348.1368 Out-of-band 12/22/22 IMPORTANT After November 22, 2022, there are no more optional, non-security preview releases for Windows Server 2022. Only cumulative monthly security updates known as the "B" or Update Tuesday release will continue for Windows...
CVE-2022-41272
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search UDS of SAP NetWeaver Process Integration PI - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized...
UBUNTU-CVE-2022-46908
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE...
SQLite Security Vulnerability
SQLite is a lightweight database that is an ACID compliant relational database management system. A security vulnerability exists in SQLite 3.40.0 and prior versions that stems from not properly implementing the azProhibitedFunctions protection mechanism when relying on --safe to execute untruste...
PT-2022-6939 · Sqlite +3
Name of the Vulnerable Software and Affected Versions: SQLite versions prior to 3.40.0 Description: The issue is related to errors in the implementation of the azAllowedFunctions protection mechanism in the SQLite database management system's command-line interface. This could allow an attacker t...
[SECURITY] Fedora 37 Update: xfce4-places-plugin-1.8.3-1.fc37
A menu with quick access to folders, documents, and removable media. The Places plugin brings much of the functionality of GNOME's Places menu to Xfce. It puts a simple button on the panel. Clicking on this button opens up a menu with 4 sections: 1 System-defined...
Exploit for Incorrect Permission Assignment for Critical Resource in Apache Cassandra
CVE-2021-44521 Automated PoC of CVE-2021-44521 Credits to orig...
November 22, 2022—KB5020032 (OS Build 20348.1311) Preview
November 22, 2022—KB5020032 OS Build 20348.1311 Preview NEW 12/22/22 IMPORTANT After November 22, 2022, there are no more optional, non-security preview releases for Windows Server 2022. Only cumulative monthly security updates known as the "B" or Update Tuesday release will continue for Windows...
Aruba Networks ArubaOS Operating System Command Injection Vulnerability
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, USA. An operating system command injection vulnerability exists in Aruba Networks ArubaOS. No information about this vulnerability i...
Aruba Networks ArubaOS Operating System Command Injection Vulnerability
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, Inc. An operating system command injection vulnerability exists in Aruba Networks ArubaOS that originates from an authenticated...
Design/Logic Flaw
A vulnerability has been identified in SICAM P850 All versions V3.10, SICAM P850 All versions V3.10, SICAM P850 All versions V3.10, SICAM P850 All versions V3.10, SICAM P850 All versions V3.10, SICAM P850 All versions V3.10, SICAM P850 All versions V3.10, SICAM P850 All versions V3.10, SICAM P850...
CVE-2022-40226
A vulnerability has been identified in SICAM P850 7KG8500-0AA00-0AA0 All versions V3.10, SICAM P850 7KG8500-0AA00-2AA0 All versions V3.10, SICAM P850 7KG8500-0AA10-0AA0 All versions V3.10, SICAM P850 7KG8500-0AA10-2AA0 All versions V3.10, SICAM P850 7KG8500-0AA30-0AA0 All versions V3.10, SICAM P8...
Siemens SICAM Authorization Issue Vulnerability
Siemens SICAM is an integrated substation automation system from Siemens Germany. An access control error vulnerability exists in several Siemens products. The vulnerability stems from the fact that the affected device accepts a user-defined session cookie and does not update the session cookie...
Cisco IOS XE SD-WAN Software and SD-WAN Software Path Traversal Vulnerability
Cisco IOS XE SD-WAN Software and Cisco SD-WAN are both products of Cisco U.S.A. Cisco IOS XE SD-WAN Software is a software for network management software-defined networking applied to the Cisco IOS XE network operating system. The Cisco IOS XE SD-WAN and Cisco SD-WAN are vulnerable to a path...
Aruba Networks ArubaOS and InstantOS Cross-Site Scripting Vulnerability
Aruba Networks ArubaOS is Aruba Networks' operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches. A cross-site scripting vulnerability exists in Aruba Networks ArubaOS and InstantOS. The vulnerability stems from a lack of effective...
Cisco Software-Defined Application Visibility and Control on Cisco vManage Static Username and Password (cisco-sa-sdavc-ZA5fpXX2)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control SD-AVC on Cisco vManage could allow an unauthenticated, remote attacker to access the GU...