SUSE: Security Advisory (SUSE-SU-2022:1167-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Cisco Iox Security Vulnerability
Cisco Iox is a secure development environment from Cisco that combines Cisco IOS and Linux OS for secure network connectivity and development of IoT applications. A denial-of-service vulnerability exists in Cisco Iox, which can be exploited by an attacker to cause a DoS condition by sending a...
SUSE: Security Advisory (SUSE-SU-2022:1160-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
A vulnerability in GitLab, the Git-based software platform for collaborative code development, stems from the lack of protective measures for web page structure, allowing attackers to compromise data integrity.
A vulnerability in GitLab, the Git-based software platform for collaborative code development, is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to compromise the integrity of data...
Exploit for Code Injection in Vmware Spring_Framework
spring4shell ⭐ a python implementation of CVE-2022-22965 that...
Microsoft Azure Log Information Disclosure Vulnerability
Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. A log information disclosure vulnerability exists in the Microsoft Azure SDK. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor...
CVE-2022-24829 Missing authentication in Garden
Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api...
Gitbleed_Tools - For Extracting Data From Mirrored Git Repositories
This repo contains shell scripts that can be used to download and analyze differences between cloned and mirrored Git repositories. For more information about the underlying quirk in Git behavior, please read our blog post. What Do These Scripts Do? These scripts will clone a copy of the give...
[SECURITY] Fedora 35 Update: python-pillow-8.3.2-3.fc35
Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk (tk interface), qt (PIL image wrapper for Qt), devel (developmen...
CLSA-2022-1649172186 Update of openvpn-devel, openvpn
Rebuilt for tuxcare.els...
Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4Shell in VMware Horizon
THREAT LEVEL: Red. Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a rootkit, and to steal sensitive data. This threat actor is primarily targeting firms in the...
CVE-2021-32994
Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locatio...
CVE-2021-32994 Softing OPC-UA C++ SDK Improper Restriction of Operations within the Bounds of a Memory Buffer
Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locatio...
Actively exploited vulnerability affects Trend Micro Apex Central
THREAT LEVEL: Amber. Trend Micro Apex Central (on-premise and as a Service) has a zero-day vulnerability. This arbitrary file upload vulnerability, if successfully exploited, could allow an unauthenticated remote attacker to upload any file, resulti...
Accusoft ImageGear out-of-bounds write vulnerability (CNVD-2022-35419)
Accusoft ImageGear is a software development kit (SDK) for image processing from Accusoft, USA. Accusoft ImageGear suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to potentially cause memory corruption via a compiled file in the wrong format...
Metasploit Weekly Wrap-Up
CVE-2022-22963 - Spring Cloud Function SpEL RCE: A new exploit/multi/http/spring_cloud_function_spel_injection module has been developed by our very own Spencer McIntyre which targets Spring Cloud Function versions prior to 3.1.7 and 3.2.3. This module is unrelated to Spring4Shell CVE-2022-22965, whic...
The vulnerability of the JNDI component in the OpenJDK application development kit allows a hacker to cause a service failure.
The vulnerability of the JNDI component in the OpenJDK application development kit is related to errors during resource release. Exploiting this vulnerability allows an attacker who operates remotely to cause service failures...
Increasing Representation of Women in Security Research
Microsoft is committed to partnering with and supporting women in security research. Whether it’s growing women early in their career, or connecting people with mentors, we want to be a part of the journey. Throughout Women's History Month we intentionally sought opportunities to engage with wome...
SpringCore0day
Information https://spring.io/blog/2022/03/31/spring-framewor...
DoS Vulnerability discovered in SonicWall Next-Generation Firewall
THREAT LEVEL: Amber. SonicWall, a manufacturer of security hardware, discovered a flaw in their SonicOS security operating system that allows denial of service (DoS) attacks and could lead to remote code execution (RCE). The identified vulnerability...