PT-2026-51190

Name of the Vulnerable Software and Affected Versions AOMEI Backupper versions prior to 8.3.0 Description An issue exists in the Kernel Driver component within the amwrtdrv.sys library. A local attacker can perform a manipulation of an unknown function to cause improper access controls...

EUVD-2013-4413

Malware in sbrugna...

EUVD-2022-6653

Malicious code in bioql PyPI...

CVE-2023-46807

An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database...

CVE-2022-40043

Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the escname Escalation Name parameter at Configuration/Notifications/Escalations...

OPENSUSE-SU-2024:0157-1 Security update for nano

This update for nano fixes the following issues: - CVE-2024-5742: Avoid privilege escalations via symlink attacks on emergency save file boo1226099...

RHEL 9 : kernel (RHSA-2024:0448)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0448 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bpf: Incorrect verifier prunin...

RHEL 9 : runc (RHSA-2023:6380)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6380 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes:...

CVE-2023-40934

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

CVE-2023-40934

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

Sql injection

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

CVE-2023-40934

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

CVE-2023-40934

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

Oracle Linux 8 : libseccomp (ELSA-2019-3624)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3624 advisory. 2.4.1-1 - rebase to 2.4.1 2.3.3-4 - spec: make the check phase conditional Tenable has extracted the preceding description block directly from the Oracle Linux...

Cross-Site Request Forgery (CSRF)

com.xuxueli:xxl-job is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists in xxl-job-admin/user/add, which allows an attacker to use a crafted .html file to cause CSRF attacks due to insufficient checks, resulting in arbitrary code execution and privilege escalations...

CISA Adds Five Known Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-32046 Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability CVE-2023-32049 Microsoft Windows Defender SmartScreen Security Feature Bypass...

VMSA-2023-0009:VMware Aria Operations update addresses multiple Local Privilege Escalations and a Deserialization issue

Advisory ID: VMSA-2023-0009 CVSSv3 Range: 6.4-8.8 Issue Date:2023-05-11 Updated On: 2023-05-11 Initial Advisory CVEs: CVE-2023-20877, CVE-2023-20878, CVE-2023-20879, CVE-2023-20880 Synopsis: VMware Aria Operations update addresses multiple Local Privilege Escalations and a Deserialization issue...

GHSA-6M9F-PJ6W-W87G Rancher Webhook is misconfigured during upgrade process

Impact A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. When the Webhook is operating in a degraded state, it no...

K65043534: Multiple INTEL BIOS vulnerabilities

Security Advisory Description CVE-2017-5705 Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. CVE-2017-5706 Multiple buffer overflows in kernel in Intel Server Platfo...

K04454621: Linux kernel vulnerability CVE-2020-25671

Security Advisory Description A vulnerability was found in Linux Kernel, where a refcount leak in llcpsockconnect causing use-after-free which might lead to privilege escalations. CVE-2020-25671 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Statu...