3795 matches found
CVE-2022-2234
An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system...
DEBIAN-CVE-2021-4041
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...
UBUNTU-CVE-2021-4041
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...
The vulnerability of the TLS protocol implementation in the Illumina Local Run Manager software allows a perpetrator to compromise the confidentiality of protected information, including login credentials.
The vulnerability of the TLS protocol implementation in the Illumina Local Run Manager lies in the transmission of data in an open manner. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality of protected information, including login credentials...
The vulnerability of the Illumina Local Run Manager software lies in the absence of an authentication process, which allows attackers to infiltrate, replicate, modify, and/or intercept confidential data.
The vulnerability of the Illumina Local Run Manager software lies in the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to remotely infiltrate, replicate, modify, and/or intercept sensitive data...
CVE-2022-2551
The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating...
Malicious code in npm-run-lal (npm)
Source: ghsa-malware (4a01d99608ddf590892902356233f88556d85bedfaf6508f312e9b7d54a69c23). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4939 Malicious code in npm-run-lal (npm)
Source: ghsa-malware (4a01d99608ddf590892902356233f88556d85bedfaf6508f312e9b7d54a69c23). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security update for canna (important)
openSUSE Security Update: Security update for canna Announcement ID: openSUSE-SU-2022:10091-1 Rating: important References: 1199280 Cross-References: CVE-2022-21950 CVSS scores: CVE-2022-21950 SUSE: 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: openSUSE Backports SLE-15-SP4 ...
OffensiveVBA - Code Execution And AV Evasion Methods For Macros In Office Documents
In preparation for a VBS AV Evasion Stream/Video I was doing some research for Office Macro code execution methods and evasion techniques. The list got longer and longer and I found no central place for offensive VBA templates - so this repo can be used for such. It is very far away from being...
CVE-2022-37002
The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background...
Microsoft Office 365 (2016 Click-to-Run) Multiple Remote Code Execution Vulnerabilities (Aug 2022)
This host is missing a critical security update according to Microsoft Office Click-to-Run update August 2022. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier...
USN-5177-1 inetutils vulnerability
It was discovered that Inetutils did not properly check the response of ftp requests. A remote attacker could use this vulnerability to cause a crash or run programs in the user machine...
vaultOwner Can Front-Run rebalance() With setAutomation() To Lower Incentives
Lines of code Vulnerability details Impact A vaultOwner who is "not confident enough in ourselves to stay up-to-date with market conditions to know when we should move to less volatile collateral to avoid liquidations." They can open their vault to other users who pay attention to the markets and...
The vulnerability of the Illumina Local Run Manager software, related to improper code generation management, allows a malicious actor to execute arbitrary code, modify settings, configurations, software, or gain access to confidential data of the affected product.
The vulnerability of the Illumina Local Run Manager software is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code, modify settings, configurations, software, or gain access to confidential data of the affected product...
In libtirpc before 1.3.3rc1 remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can in turn lead to an svc_run infinite loop without accepting new connections.
...
The vulnerability of the Illumina Local Run Manager software lies in the lack of restrictions on file downloads, which allows a hacker to execute arbitrary code.
The vulnerability of the Illumina Local Run Manager software lies in the lack of restrictions on file downloads. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Illumina Local Run Manager software exists due to an incorrect limitation on the path to the restricted access directory. This allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Illumina Local Run Manager software exists due to an incorrect limitation on the path to the restricted access directory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
CVE-2022-22215
A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in pluggable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the...