Lucene search

682 matches found

Snyk
added 2023/02/10 9:5 a.m. · 4 views

Malicious Package

Overview: s3transfere is a malicious package that attempts to typosquat popular packages. The malicious script is base64-obfuscated, located in the init.py file, and tries to steal the current username, platform and IP information and send them to a remote host. Malicious behavior: python import getpass...

9.8 CVSS · 6.8 AI score
Exploits 0 · References 2

Positive Technologies
added 2023/01/10 12:0 a.m. · 2 views

PT-2023-1145 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a lack of protection for internal system data in the Windows operating system. This could allow an attacker to gain unauthorized access to a device. The vulnerabilit...

5.5 CVSS · 8.9 AI score · 0.0218 EPSS
Exploits 0 · References 11

Vulnrichment
added 2023/01/03 9:24 p.m. · 8 views

CVE-2022-2967

Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data...

6.5 CVSS · 6.9 AI score · 0.00137 EPSS
Exploits 0 · References 2

Cvelist
added 2023/01/03 9:24 p.m. · 19 views

CVE-2022-2967

Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modbus Server versions 1.4.18-5 and prior do not sufficiently protect credentials, which could allow an attacker to obtain user credentials and gain access to system data...

6.5 CVSS · 7.8 AI score · 0.00137 EPSS
Exploits 0 · References 2

NCSC
added 2022/12/22 12:0 a.m. · 4 views

Vulnerability fixed in NetApp OnCommand Insight

NetApp has fixed a vulnerability in OnCommand Insight. An unauthenticated malicious person with access to the management interface could exploit the vulnerability to obtain system data and cause a denial of service. The vulnerability does not allow the malicious party to access the collecte...

8.6 CVSS · 6.8 AI score · 0.00379 EPSS
Exploits 0

NCSC
added 2022/12/15 12:0 a.m. · 2 views

Vulnerabilities fixed in Apple Safari

Apple has fixed vulnerabilities in Safari. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Bypassing security measure. Remote code execution User rights Access to sensitive data Access to system data Apple states that it is aware of...

8.8 CVSS · 7.6 AI score · 0.04464 EPSS
Exploits 2

Cvelist
added 2022/12/13 2:52 a.m. · 18 views

CVE-2022-41268

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAPBW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized...

8.5 CVSS · 8.7 AI score · 0.00326 EPSS
Exploits 0 · References 2

Vulnrichment
added 2022/12/13 2:52 a.m. · 7 views

CVE-2022-41268

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAPBW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized...

8.5 CVSS · 8.7 AI score · 0.00326 EPSS
Exploits 0 · References 2

NCSC
added 2022/12/13 12:0 a.m. · 11 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in Mendix, among others, Nucleus NET, RUGGEDCOM, SCALANCE, SICAM, SIMATIC, SIPROTEC and SIMATIC WinCC-OA. The vulnerabilities allow a malicious potentially able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF...

10 CVSS · 7.3 AI score · 0.83506 EPSS
Exploits 48

Vulnrichment
added 2022/12/12 3:43 a.m. · 10 views

CVE-2022-31596

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform Monitoring DB - version 430, can access BOE Monitoring database to retrieve and modify non-personal system data which wou...

6.9 AI score · 0.0067 EPSS
Exploits 0 · References 2

CVE
added 2022/12/12 3:43 a.m. · 65 views

CVE-2022-31596

CVE-2022-31596 affects SAP BusinessObjects Business Intelligence Platform (Monitoring DB) version 430. The vulnerability allows an attacker authenticated as a CMS administrator with high privileges to access the BOE Monitoring database and retrieve/modify non-personal system data that would norma...

6 CVSS · 5.8 AI score · 0.0067 EPSS
Exploits 0 · References 2 · Affected Software 1

NCSC
added 2022/12/07 12:0 a.m. · 4 views

Vulnerabilities fixed in Aruba ClearPass

Aruba Networks has fixed vulnerabilities in ClearPass. The vulnerabilities potentially enable a malicious party to launch attacks that result in the following categories of damage: Cross-Site Scripting XSS. Denial-of-Service DoS. Remote code execution Administrator/Root rights...

8.8 CVSS · 7.5 AI score · 0.18716 EPSS
Exploits 1

BDU FSTEC
added 2022/11/17 12:0 a.m. · 1 views

The vulnerability of the Windows GDI+ interface on Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of Windows GDI+ graphics device interfaces on Windows operating systems is related to insufficient protection of system data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using a specially created malicious file...

5.5 CVSS · 6.6 AI score · 0.01561 EPSS
Exploits 0 · References 4

NCSC
added 2022/11/14 12:0 a.m. · 1 views

Vulnerabilities fixed in PHP

Vulnerabilities have been fixed in PHP. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data PHP developers have released updates to...

9.8 CVSS · 7.4 AI score · 0.15416 EPSS
Exploits 6

Snyk
added 2022/11/08 11:0 p.m. · 3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure. When a timeout occurs under a high load, it can cause incorrect data to be returned as the result of an asynchronously executed query. Notes: 1 This vulnerability only affects applications that communicate with...

5.8 CVSS · 5.9 AI score · 0.00189 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/11/08 12:0 a.m. · 4 views

PT-2022-5635 · Microsoft · Sql Server +3

Name of the Vulnerable Software and Affected Versions: .NET Framework versions prior to the November 2022 update System.Data.SqlClient versions prior to 4.8.5 Microsoft.Data.SqlClient versions prior to 2.1.2 Description: A vulnerability in .NET Framework allows attackers to obtain sensitive...

5.8 CVSS · 6.6 AI score · 0.00189 EPSS
Exploits 0 · References 14

NCSC
added 2022/10/19 12:0 a.m. · 4 views

Vulnerabilities fixed in Oracle Virtualization

Vulnerabilities have been fixed in Oracle Virtualization. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Administrator/Root rights Remote code...

8.8 CVSS · 7.3 AI score · 0.08294 EPSS
Exploits 0

NCSC
added 2022/10/19 12:0 a.m. · 3 views

Vulnerabilities fixed in Oracle Enterprise Manager

Vulnerabilities have been fixed in Oracle Enterprise Manager. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...

9.8 CVSS · 9.6 AI score · 0.72202 EPSS
Exploits 11

NCSC
added 2022/10/19 12:0 a.m. · 7 views

Vulnerabilities fixed in Oracle Fusion Middleware

Vulnerabilities have been fixed in Oracle Fusion Middleware. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data...

9.8 CVSS · 8.2 AI score · 0.93778 EPSS
Exploits 23

NCSC
added 2022/10/19 12:0 a.m. · 22 views

Vulnerabilities fixed in Oracle Supply Chain Products Suite

Vulnerabilities have been fixed in Oracle Supply Chain Products Suite. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to sensitive data Access to...

9.8 CVSS · 7.5 AI score · 0.55532 EPSS
Exploits 7