3357 matches found

Positive Technologies
added 2022/11/07 12:0 a.m. · 3 views

PT-2022-37392 · Pypi · D8S-Htm +2

Name of the Vulnerable Software and Affected Versions: d8s-strings affected versions not specified d8s-htm version 0.1.0 Description: A potential code-execution backdoor was inserted by a third party into the d8s-strings package distributed on PyPI. Another affected package is democritus-uuids...

CVSS 9.8 · AI score 7
Exploits 0 · References 4

OSV
added 2022/11/04 2:24 p.m. · 8 views

SUSE-SU-2022:3878-1 Security update for SUSE Manager Server 4.2

This update fixes the following issues: hub-xmlrpc-api: - Use golangAPI = 1.18 for building on SUSE bsc1203599 This source fails to build with the current go1.19 on SUSE and we need to use go1.18 instead. inter-server-sync: - Version 0.2.4 Improve memory usage and log information 17193 Conditiona...

CVSS 5.4 · AI score 5.6 · EPSS 0.00733
Exploits 1 · References 25

NVD
added 2022/10/31 9:15 p.m. · 10 views

CVE-2022-40190

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive...

CVSS 9.6 · EPSS 0.00687
Exploits 0 · References 1

Wordfence Blog
added 2022/10/19 4:1 p.m. · 366 views

Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity

The Wordfence Threat Intelligence team has been monitoring exploit attempts targeting two zero-day vulnerabilities in Microsoft Exchange Server tracked as CVE-2022-41040 and CVE-2022-41082, collectively known as ProxyNotShell. These vulnerabilities are actively being exploited in the wild. At the...

AI score 8.6 · EPSS 0.99964
Exploits 16

Prion
added 2022/10/19 8:15 a.m. · 16 views

Code injection

Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed. As of this release,...

CVSS 5.8 · AI score 6.1 · EPSS 0.01178
Exploits 0 · References 2 · Affected Software 1

CVE
added 2022/10/19 12:0 a.m. · 84 views

CVE-2022-42466

Apache Isis prior to version 2.0.0-M9 is affected by a cross-site scripting vulnerability caused by input strings not being escaped when rendered, allowing injected scripts to execute. The issue is addressed in 2.0.0-M9 and later by escaping input strings during rendering. Affected products inclu...

CVSS 6.1 · AI score 6.1 · EPSS 0.01178
Exploits 0 · References 2 · Affected Software 1

OpenVAS
added 2022/10/19 12:0 a.m. · 24 views

Ubuntu: Security Advisory (USN-5686-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 · AI score 7.5 · EPSS 0.02938
Exploits 1 · References 2

OpenVAS
added 2022/10/19 12:0 a.m. · 24 views

Mageia: Security Advisory (MGASA-2022-0371)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.5 · AI score 5.8 · EPSS 0.02421
Exploits 3 · References 11

OSV
added 2022/10/18 5:59 p.m. · 2 views

USN-5686-1 git vulnerabilities

Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. CVE-2022-39253 Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to...

CVSS 8.8 · AI score 7 · EPSS 0.02938
Exploits 1 · References 3

Veracode
added 2022/10/17 5:30 a.m. · 28 views

Denial Of Service (DoS)

unzip is vulnerable to denial of service. The vulnerability exists because of the improper handling of Unicode strings, allowing an attacker to crash the application through the null pointer dereference by providing a maliciously crafted zip file...

CVSS 3.3 · AI score 2.4 · EPSS 0.0057
Exploits 1 · References 4 · Affected Software 3

Tenable Nessus
added 2022/10/16 12:0 a.m. · 40 views

GLSA-202210-02 : OpenSSL: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202210-02 OpenSSL: Multiple Vulnerabilities - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH...

CVSS 10 · AI score 7.9 · EPSS 0.87816
Exploits 8 · References 15

Kitploit
added 2022/10/13 11:30 a.m. · 34 views

FUD-UUID-Shellcode - Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness

Introduction Another shellcode injection technique using C++ that attempts to bypass Windows Defender using XOR encryption sorcery and UUID strings madness :. How it works Shellcode generation Firstly, generate a payload in binary format using either CobaltStrike or msfvenom for instance, in...

AI score 8.1
Exploits 0 · References 4

Tenable Nessus
added 2022/10/13 12:0 a.m. · 31 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : unzip vulnerabilities (USN-5673-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5673-1 advisory. It was discovered that unzip did not properly handle unicode strings under certain circumstances. If a user were...

CVSS 5.5 · AI score 6.6 · EPSS 0.02421
Exploits 3 · References 4

RedHat Linux
added 2022/10/11 7:30 a.m. · 1 views

ruby: Regular expression denial of service vulnerability of Date parsing methods

A flaw was found in ruby, where the date object was found to be vulnerable to a regular expression denial of service (ReDoS) during the parsing of dates. This flaw allows an attacker to hang a ruby application by providing a specially crafted date string. The highest threat to this vulnerability is...

CVSS 7.5 · AI score 7.2 · EPSS 0.03222
Exploits 1 · References 5

NVD
added 2022/10/07 7:15 p.m. · 15 views

CVE-2022-37894

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x:...

CVSS 6.5 · EPSS 0.00417
Exploits 0 · References 2

ATTACKERKB
added 2022/10/07 7:15 p.m. · 3 views

CVE-2022-37895

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x:...

CVSS 4.9 · AI score 5.8 · EPSS 0.00715
Exploits 0 · References 3

Prion
added 2022/10/07 7:15 p.m. · 23 views

Denial of service

An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x:...

CVSS 3.3 · AI score 7.2 · EPSS 0.00417
Exploits 0 · References 2 · Affected Software 2

OSV
added 2022/09/29 3:15 a.m. · 0 views

CVE-2020-15337

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 2

NVD
added 2022/09/29 3:15 a.m. · 20 views

CVE-2020-15337

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests...

CVSS 5.3 · EPSS 0.0079
Exploits 1 · References 2

NVD
added 2022/09/29 3:15 a.m. · 14 views

CVE-2020-15338

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests...

CVSS 5.3 · EPSS 0.00759
Exploits 1 · References 2