point-cli allows local users to obtain sensitive information by listing the process

lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process...

GHSA-5G7F-P7JG-V6MV lean-ruport allows local users to obtain sensitive information by listing the process

test/tcdatabase.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process...

Rocky Linux 8 : polkit (RLSA-2022:1546)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1546 advisory. - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from thi...

redis -- Multiple vulnerabilities

Aviv Yahav reports: CVE-2022-24735 By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the potentially higher privileges of another Redis user. CVE-2022-24736 An attacker attempting to load a specially craft...

DDexec - A Technique To Run Binaries Filelessly And Stealthily On Linux Using Dd To Replace The Shell With Another Process

In Linux in order to run a program it must exist as a file, it must be accessible in some way through the file system hierarchy this is just how execve works. This file may reside on disk or in ram tmpfs, memfd but you need a filepath. This has made very easy to control what is run on a Linux...

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2022-1580)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Veeam Backup & Replication installer fails to launch with the error: "Only one instance of Veeam Backup & Replication Setup is allowed."

Challenge When attempting to launch the Veeam Backup & Replication installer, the following error occurs: Only one instance of Veeam Backup & Replication Setup is allowed. Copy Cause Another instance of the Veeam Backup & Replication Setup.exe is already running. Solution Open Task Manager and...

Siemens Simcenter Femap Out-of-Bounds Read Vulnerability (CNVD-2022-28490)

An out-of-bounds read vulnerability exists in Siemens Simcenter Femap, an advanced simulation application for creating, editing, and inspecting finite element models of complex products or systems, which can be exploited by attackers to execute code in the context of the current process...

Unspecified Vulnerability in Siemens SIMATIC Energy Manager

SIMATIC Energy Manager visualizes process energy flows and consumption values in detail, assigns them to the relevant consumers or cost centers, and determines the reasons for changes. A security vulnerability exists in Siemens SIMATIC Energy Manager, which can be exploited by an attacker to...

Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65028)

Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting. A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by an attacker to execute arbitrary code in the context of the current process...

Command injection

totolink EX300v2 V4.0.3c.140B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo...

CVE-2022-22935

Removed by vendor...

Backdoor.Win32.Cafeini.b Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/b24c56abb4bde960c2d51d4e509d2c68B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.b Vulnerability: Weak Hardcoded Credentials Family: Cafeini Type: PE32 MD5:...

CVE-2022-0667

When the vulnerability is triggered the BIND process will exit. BIND 9.18.0...

CVE-2021-4115

There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being...

Siemens Simcenter Femap Out-of-Bounds Write Vulnerability (CNVD-2022-12808)

Simcenter Femap is an advanced simulation application for creating, editing, and inspecting finite element models of complex products or systems.Siemens Simcenter Femap out-of-bounds write vulnerability can be exploited by attackers to execute code in the context of the current process...

Siemens Simcenter Femap Buffer Overflow Vulnerability

Simcenter Femap is an advanced simulation application for creating, editing, and inspecting finite element models of complex products or systems.Siemens Simcenter Femap buffer overflow vulnerability can be exploited by attackers to execute code in the context of the current process...

CVE-2021-4115

CVE-2021-4115 — polkit denial of service via file descriptor exhaustion . The flaw allows an unprivileged user to crash polkit, affecting availability. Public advisories confirm a fix is available upstream and in vendor advisories, with multiple OS-specific patches. For example, Arch Linux ASA-20...

Jenkins Doktor Plugin Proxy Controller Security Bypass Vulnerability

Jenkins plug-ins are plug-ins that provide appropriate functionality for Jenkins. The Jenkins Doktor Plugin Agent Controller security bypass vulnerability can be exploited to allow an attacker to take control of the agent process to determine if a file with a given name exists...

Bentley Systems Bentley View Resource Management Error Vulnerability

Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A resource management error vulnerability exists in Bentley Systems Bentley View, which can be exploited by an attacker to execute code in the context of the current process...