Lucene search
K

121 matches found

ossf
ossf
added 2025/04/30 9:54 p.m.7 views

Malicious code in telepycore (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3dcd0a2a8162a703ef9d7b90566e4c55116a7f4f4d3b8759ca0d2640acd4ee4 Package can only be used requires additional triggering to install a remote executable, ensure it starts on logon and name mimic network service. Though...

7.1AI score
Exploits0References7
ossf
ossf
added 2025/03/01 3:16 p.m.6 views

Malicious code in pydefender (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a1e2cc2d94eff74e302118c35c34f87e76175fe507facbe21c29883960c8223e setup.py is prepared to download and run an obfuscated batch script. While the script is not detected by any AV currently, in the sandbox analysis it reveals...

7.7AI score
Exploits0References4
osv
osv
added 2025/03/01 3:16 p.m.7 views

MAL-2025-191833 Malicious code in pydefender (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a1e2cc2d94eff74e302118c35c34f87e76175fe507facbe21c29883960c8223e setup.py is prepared to download and run an obfuscated batch script. While the script is not detected by any AV currently, in the sandbox analysis it reveals...

7.6AI score
Exploits0References4
suse
suse
added 2025/02/26 7:26 a.m.3 views

Recommended update for Maven

This update for Maven fixes the following issues: maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1: Key changes across versions: Bug fixes and improved support of dynamic types Dependency upgrades ASM, Maven core, and notably the removal of commons-io Improved error handling by...

8.8CVSS8.4AI score0.22709EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/02/05 7:30 p.m.11 views

CVE-2022-0513

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusionreason parameter found in the /includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtai...

9.8CVSS7.5AI score0.5346EPSS
Exploits3References1
redhatcve
redhatcve
added 2025/02/05 6:3 p.m.12 views

CVE-2019-3636

A File Masquerade vulnerability in McAfee Total Protection MTP version 16.0.R21 and earlier in Windows client allowed an attacker to read the plaintext list of AV-Scan exclusion files from the Windows registry, and to possibly replace excluded files with potential malware without being detected...

7.8CVSS6.7AI score0.00225EPSS
Exploits0References1
veeam
veeam
added 2024/12/03 12:0 a.m.88 views

How to Add Exclusions to Veeam Threat Hunter Scan

Purpose This article documents how to exclude files from the Veeam Threat Hunter scan. Solution To exclude specific files or folders from Veeam Threat Hunter scans, add a registry entry on your Veeam Backup Server: Registry Path: HKLM\SOFTWARE\Veeam\Veeam Threat Hunter\ Value Name:...

6.8AI score
Exploits0Affected Software1
osv
osv
added 2024/06/28 3:28 p.m.11 views

GO-2024-2939 SpiceDB exclusions can result in no permission returned when permission expected in github.com/authzed/spicedb

SpiceDB exclusions can result in no permission returned when permission expected in github.com/authzed/spicedb...

5.3CVSS3.9AI score0.00396EPSS
Exploits1References3
github
github
added 2024/06/20 4:24 p.m.37 views

SpiceDB exclusions can result in no permission returned when permission expected

Background Use of an exclusion under an arrow that has multiple resources may resolve to NOPERMISSION when permission is expected. For example, given this schema: zed definition user definition folder relation member: user relation banned: user permission view = member - banned definition resourc...

5.3CVSS6.6AI score0.00396EPSS
Exploits1References4Affected Software1
kitploit
kitploit
added 2024/05/09 12:30 p.m.46 views

BadExclusionsNWBO - An Evolution From BadExclusions To Identify Folder Custom Or Undocumented Exclusions On AV/EDR

BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR. How it works? BadExclusionsNWBO copies and runs HookChecker.exe in all folders and subfolders of a given path. You need to have HookChecker.exe on the same folder of...

7AI score
Exploits0References1
osv
osv
added 2024/04/10 5:15 p.m.4 views

CVE-2024-3386

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from...

5.3CVSS5.8AI score0.00436EPSS
Exploits0References1
attackerkb
attackerkb
added 2024/04/10 5:15 p.m.5 views

CVE-2024-3386

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from...

5.3CVSS6AI score0.00436EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2024/04/10 5:6 p.m.23 views

CVE-2024-3386 PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from...

5.3CVSS6.8AI score0.00436EPSS
Exploits0References1
cvelist
cvelist
added 2024/04/10 5:6 p.m.24 views

CVE-2024-3386 PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from...

5.3CVSS5.5AI score0.00436EPSS
Exploits0References1
paloalto
paloalto
added 2024/04/10 4:0 p.m.22 views

PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended

An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from...

5.3CVSS6.7AI score0.00436EPSS
Exploits0References1
nessus
nessus
added 2024/04/10 12:0 a.m.22 views

Palo Alto Networks PAN-OS 9.0.x < 9.0.17-h2 / 9.1.x < 9.1.17 / 10.0.x < 10.0.13 / 10.1.x < 10.1.10 / 10.2.x < 10.2.5 / 11.0.x < 11.0.2 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 9.0.x prior to 9.0.17-h2 or 9.1.x prior to 9.1.17 or 10.0.x prior to 10.0.13 or 10.1.x prior to 10.1.10 or 10.2.x prior to 10.2.5 or 11.0.x prior to 11.0.2. It is, therefore, affected by a vulnerability. - An incorrect string...

5.3CVSS5.8AI score0.00436EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/03/26 12:0 a.m.5 views

PT-2024-22805

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 6.8.1 Description A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These...

6.1CVSS6.5AI score0.00722EPSS
Exploits0References18
thn
thn
added 2024/03/21 4:3 p.m.30 views

Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems

The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization NGO in order to deploy a backdoor called TinyTurla-NG TTNG. "The attackers compromised the first system, established persistence and added exclusions to antivirus...

7AI score
Exploits0
osv
osv
added 2024/01/23 3:18 p.m.12 views

SUSE-SU-2024:0191-1 Security Beta update for SUSE Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Exclude s390 arch - Adapted to build on Enterprise Linux. - Fix build for RedHat 7 - Require Go = 1.14 also for CentOS - Add support for CentOS - Replace %?systemdrequires with %?systemdordering...

9.8CVSS9.8AI score0.99888EPSS
Exploits57References121
osv
osv
added 2023/10/10 5:15 p.m.5 views

CVE-2023-37939

An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all...

3.3CVSS5.8AI score0.00241EPSS
Exploits0References1
Rows per page
Query Builder