Lucene search

6348 matches found

Debian CVE
added 2022/07/26 12:36 p.m. | 25 views

CVE-2021-33455

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in dodirective in modules/preprocs/nasm/nasm-pp.c...

CVSS 5.5 | AI score 3.4 | EPSS 0.003
Exploits 1
ATTACKERKB
added 2022/07/25 12:0 a.m. | 2 views

CVE-2022-34375

Dell Container Storage Modules 1.2 contains a path traversal vulnerability in the goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to unintentional access to a path outside of the restricted directory...

CVSS 8.8 | AI score 6 | EPSS 0.01103
Exploits 0 | References 2
ATTACKERKB
added 2022/07/25 12:0 a.m. | 3 views

CVE-2022-34374

Dell Container Storage Modules 1.2 contains an OS command injection in the goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to execution of arbitrary OS commands on the affected system...

CVSS 8.8 | AI score 6.2 | EPSS 0.01369
Exploits 0 | References 2
OSV
added 2022/07/20 3:35 p.m. | 2 views

DRUPAL-CORE-2022-013

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...

CVSS 6.5 | AI score 6.7 | EPSS 0.0059
Exploits 0 | References 1
Drupal
added 2022/07/20 12:0 a.m. | 48 views

Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...

CVSS 6.5 | AI score 2.4 | EPSS 0.0059
Exploits 0 | References 16
Fedora
added 2022/07/17 1:16 a.m. | 35 views

[SECURITY] Fedora 35 Update: golang-x-mod-0.6.0~dev-3.20220330git9b9b3d8.fc35

This package holds packages for writing tools that work directly with Go module mechanics. That is, it is for direct manipulation of Go modules themselves...

CVSS 9.3 | AI score 8.2 | EPSS 0.05994
Exploits 4
OSV
added 2022/07/13 9:15 p.m. | 3 views

CVE-2022-34764

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module BMENUA0100 V1.10 and prio...

CVSS 7.5 | AI score 5.8 | EPSS 0.0059
Exploits 0 | References 1
Kitploit
added 2022/07/11 12:30 p.m. | 31 views

Tofu - Windows Offline Filesystem Hacking Tool For Linux

A modular tool for hacking offline Windows filesystems and bypassing login screens. Can do hashdumps, OSK-Backdoors, user enumeration and more. How it works: When a Windows machine is shut down, unless it has Bitlocker or another encryption service enabled, its storage device contains everythin...

AI score 7.4
Exploits 0 | References 3
Prion
added 2022/07/08 1:15 p.m. | 15 views

Sql injection

Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SS...

CVSS 7.5 | AI score 10 | EPSS 0.00752
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/07/08 12:39 p.m. | 30 views

CVE-2022-28623

Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SS...

AI score 10 | EPSS 0.00752
Exploits 0 | References 1
BDU FSTEC
added 2022/07/08 12:0 a.m. | 9 views

The vulnerability of the AuthToken component in the microprogramming software for Desigo DXR2, PXC3, PXC4, and PXC5 modules allows a hacker to gain access to the device by intercepting the authentication token.

The vulnerability of the AuthToken component in the microprogramming software for Desigo DXR2, PXC3, PXC4, and PXC5 modules is related to an incorrect expiration time of the session. Exploiting this vulnerability can allow attackers to gain access to the device by intercepting the authentication...

CVSS 9.1 | AI score 7.7 | EPSS 0.00899
Exploits 0 | References 2 | Affected Software 4
OSV
added 2022/07/07 1:33 p.m. | 7 views

SUSE-SU-2022:2331-1 Security update for rsyslog

This update for rsyslog fixes the following issues: - CVE-2022-24903: fix potential heap buffer overflow in modules for TCP syslog reception bsc1199061...

CVSS 8.1 | AI score 8.4 | EPSS 0.03821
Exploits 0 | References 3
vulnersOsv
added 2022/07/07 12:0 a.m. | 5 views

br.com.ideotech:draw-out-spring-boot-aop (>=1.5.19-1.RELEASE <=1.5.19.RELEASE), br.com.ideotech:draw-out-spring-boot-lib (>=1.5.19-1.RELEASE <=1.5.19.RELEASE) +1769 more potentially affected by CVE-2022-33980 via org.apache.commons:commons-configuration2 (>=2.4 <=2.7)

org.apache.commons:commons-configuration2 MAVEN version =2.4, =1.5.19-1.RELEASE, =1.5.19-1.RELEASE, =1.5.19-1.RELEASE, =1.5.0, =1.9.17-0, =1.0.0-2024, =1.0.0-2024, =1.0.0-2024, =1.0.0, =1.0.1-2024, =3.5.0-jdk17-1.0.0, =3.5.0-jdk17-2.0.0 and more Source cves: CVE-2022-33980 Source advisory:...

CVSS 9.8 | AI score 7 | EPSS 0.34819
Exploits 3
Tenable Nessus
added 2022/07/07 12:0 a.m. | 36 views

Oracle Linux 7 : containerd (ELSA-2021-15790)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-15790 advisory. - Address CVE-2021-32760 docker-cli - updated containerd minimum version to 1.4.8 to address CVE-2021-32760. docker-engine Tenable has extracted the preceding...

CVSS 6.8 | AI score 6.4 | EPSS 0.01608
Exploits 2 | References 2
The Hacker News
added 2022/07/05 2:12 p.m. | 38 views

Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms

A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two doze...

AI score 1.2
Exploits 0
RedHat Linux
added 2022/07/01 12:52 a.m. | 5 views

rsyslog: Heap-based overflow in TCP syslog server

A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft a malicious message leading to a heap-based buffer overflow. This issue allows the attacker to corrupt or access data stored in memory, leading to a denial of service in the rsyslog or possible remote code...

CVSS 8.1 | AI score 8 | EPSS 0.03821
Exploits 0 | References 5
Securelist
added 2022/06/30 8:0 a.m. | 67 views

The SessionManager IIS backdoor

Following on from our earlier Owowa discovery, we continued to hunt for more backdoors potentially set up as malicious modules within IIS, a popular web server edited by Microsoft. And we didn't come back empty-handed… In 2021, we noticed a trend among several threat actors for deploying a backdoo...

AI score 0.7
Exploits 0
Oracle linux
added 2022/06/30 12:0 a.m. | 41 views

pcs security update

0.11.1-10.el90.1 - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz2081333 0.11.1-10 - Fixed snmp client - Fixed translating resource roles in colocation constraint - Resolves: rhbz2048640 0.11.1-9 - Fixed cluster destroy in web ui - Fixed covscan issue in web ui - Resolves:...

CVSS 7.5 | AI score 7.9 | EPSS 0.02059
Exploits 0
BDU FSTEC
added 2022/06/29 12:0 a.m. | 5 views

The vulnerability of the microprogramming software for the SIMATIC CP 442-1 RNA and SIMATIC CP 443-1 RNA communication modules, related to uncontrolled resource consumption, allows attackers to execute an “ARP storm” attack and cause service failure.

The vulnerability of the microprogramming software for the SIMATIC CP 442-1 RNA and SIMATIC CP 443-1 RNA communication modules is related to an uncontrolled consumption of resources during the processing of ARP requests. Exploiting this vulnerability can allow attackers to execute an “ARP storm”...

CVSS 7.4 | AI score 6.7 | EPSS 0.00354
Exploits 0 | References 4 | Affected Software 2
vulnersOsv
added 2022/06/28 11:23 p.m. | 6 views

co.actioniq:scalavro-core_2.10 (=0.6.3-c3b519ae67902e6e94aab5b6635744250534e0d0), co.actioniq:scalavro_2.10 (=0.6.3-c3b519ae67902e6e94aab5b6635744250534e0d0) +210 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.10 (>=1.2.5 <=1.3.4)

io.spray:spray-json_2.10 MAVEN version =1.2.5, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.3 and more Source cves: CVE-2018-18855 Source advisory: OSV:GHSA-WW3V-6XJF-JV28...

AI score 7.1 | EPSS 0.00532
Exploits 0