
340 matches found

Positive Technologies
added 2023/08/08 12:0 a.m., 2 views

PT-2023-9548

Name of the Vulnerable Software and Affected Versions: Go (affected versions not specified). Description: The issue is related to the command `go env`, which outputs a shell script containing the Go environment. However, `go env` does not sanitize the values, allowing for various bad behaviors when its...

CVSS 10, AI score 7.1, EPSS 0.00602
Exploits: 0, References: 53
CNVD
added 2023/08/03 12:0 a.m., 20 views

Google Chrome Input Validation Error Vulnerability (CNVD-2023-65158)

Google Chrome is a web browser from Google, an American company. An input validation error vulnerability previously existed in Google Chrome on ChromeOS version 115.0.5790.98, which stemmed from an insufficient validation of untrusted input in Chromad. An attacker could exploit the vulnerability ...

CVSS 6.3, AI score 7.4, EPSS 0.00708
Exploits: 1, References: 1
OSV
added 2023/08/01 11:15 p.m., 1 views

DEBIAN-CVE-2023-3739

Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. Chromium security severity: Low...

CVSS 6.3, AI score 7.7, EPSS 0.00708
Exploits: 1, References: 1
Prion
added 2023/08/01 11:15 p.m., 24 views

Input validation

Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. Chromium security severity: Low...

CVSS 6.8, AI score 6.6, EPSS 0.00708
Exploits: 1, References: 2, Affected Software: 1
UbuntuCve
added 2023/08/01 11:15 p.m., 63 views

CVE-2023-3739

Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. Chromium security severity: Low...

CVSS 6.3, AI score 6.7, EPSS 0.00708
Exploits: 1, References: 3
Cvelist
added 2023/08/01 10:39 p.m., 27 views

CVE-2023-3739

Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. Chromium security severity: Low...

AI score 6.9, EPSS 0.00708
Exploits: 1, References: 2
Debian CVE
added 2023/08/01 10:39 p.m., 25 views

CVE-2023-3739

Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. Chromium security severity: Low...

CVSS 6.3, AI score 6.3, EPSS 0.00708
Exploits: 1
CVE
added 2023/08/01 10:39 p.m., 134 views

CVE-2023-3739

CVE-2023-3739 affects Google Chrome on ChromeOS, via Chromad. The vulnerability stems from insufficient validation of untrusted input in Chromad, enabling a remote attacker to execute arbitrary code with a crafted shell script on ChromeOS builds prior to 115.0.5790.131. Impact is remote code exec...

CVSS 6.3, AI score 6.5, EPSS 0.00708
Exploits: 1, References: 2, Affected Software: 1
Packet Storm
added 2023/05/05 12:0 a.m., 443 views

Oracle RMAN Missing Auditing

Title: CVE-2020-2978 - Oracle RMAN Audit table point in time recovery not recorded
Product: Database
Manufacturer: Oracle
Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c
Tested Versions: 19c
Risk Level: Medium
Score: 4.1
Solution Status: Fixed
CVE Reference: CVE-2020-2978
Author of Advisory: Emad...

CVSS 4.1, AI score 7.1, EPSS 0.00184
Exploits: 3
The Hacker News
added 2023/03/16 1:39 p.m., 40 views

Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration

The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aime...

AI score 7.2
Exploits: 0
SUSE CVE
added 2023/02/15 6:6 a.m., 1 views

SUSE CVE-2008-5374

bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts...

CVSS 6.9, AI score 6.7, EPSS 0.00054
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 5:46 a.m., 1 views

SUSE CVE-2012-2666

golang/go in 1.0.2 fixes all.bash on shared machines. dotest in src/pkg/debug/gosym/pclntabtest.go creates a temporary file with a predictable name and executes it as a shell script...

CVSS 9.8, AI score 7, EPSS 0.00513
Exploits: 1, References: 3
Tenable Nessus
added 2023/02/14 12:0 a.m., 36 views

Wago PFC200 Cloud Connectivity Remote Code Execution (CVE-2019-5161)

An exploitable remote code execution vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 versions 03.02.0214, 03.01.0713, and 03.00.3912. A specially crafted XML file will direct the Cloud Connectivity service to download and execute a shell script with root privileges. Th...

CVSS 9.1, AI score 9.1, EPSS 0.04899
Exploits: 1, References: 2
GithubExploit
added 2023/02/04 1:35 a.m., 454 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

cve-2022-44268-detector - detect malicious PNGs cve-2022-4426...

CVSS 6.5, AI score 7.1, EPSS 0.88643
Exploits: 28
The Hacker News
added 2022/10/21 2:56 p.m., 193 views

Multiple Campaigns Exploit VMware Vulnerability to Deploy Crypto Miners and Ransomware

A now-patched vulnerability in VMware Workspace ONE Access has been observed being exploited to deliver both cryptocurrency miners and ransomware on affected machines. "The attacker intends to utilize a victim's resources as much as possible, not only to install RAR1Ransom for extortion, but also...

CVSS 10, AI score 0.1, EPSS 0.94444
Exploits: 31
GithubExploit
added 2022/10/05 10:5 a.m., 3 views

Exploit for CVE-2022-42457

CVE-2022-42457 Generex-CS141-Authenticated-Remote-Command-Exec...

CVSS 9.1, AI score 8.4, EPSS 0.06451
Exploits: 2
The Hacker News
added 2022/09/22 6:17 a.m., 168 views

Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners

A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. "If left unremedied and successfully exploited, this vulnerability could be used for multiple an...

CVSS 9.8, AI score 0.4, EPSS 0.94408
Exploits: 223
CNNVD
added 2022/09/21 12:0 a.m., 2 views

ruby-arr-pm OS command injection vulnerability

ruby-arr-fpm is an RPM read/write library written in Ruby by the individual developer Jordan Sissel. It is intended to provide a way for fpm to read and write RPMs. A security vulnerability exists in ruby-arr-pm version 0.0.11 and earlier. An attacker could use this vulnerability to execute shell...

CVSS 7.8, AI score 7.5, EPSS 0.00266
Exploits: 1, References: 4
GithubExploit
added 2022/07/22 9:11 a.m., 428 views

Exploit for Path Traversal in Apache Http_Server

Mitigation-CVE-2021-41773- Shell Script to mitigate CVE-2021-4...

CVSS 7.5, AI score 8.7, EPSS 0.94391
Exploits: 144
The Hacker News
added 2022/07/16 6:33 a.m., 62 views

Hackers Targeting VoIP Servers By Exploiting Digium Phone Software

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system,...

CVSS 9.8, AI score 1.4, EPSS 0.06473
Exploits: 1