This Metasploit module serves an OSX app (as a zip) that contains no Info.plist, which bypasses gatekeeper in macOS versions prior to 11.3. If the user visits the site on Safari, the zip file is automatically extracted, and clicking on the downloaded file will automatically launch the payload. If the user visits the site in another browser, the user must click once to unzip the app, and click again in order to execute the payload.
63462c2e64d7852458a439220123a2d9aea8f3c2506a1452879ec40fef583f4f
Epic Games Easy Anti-Cheat version 4.0 suffers from a local privilege escalation vulnerability.
70bfaf6aa2d0a149604e36475222505015277f0a6da0cde0042196586d13bf3c
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
bba26936998447734b16decbd3f0551e8873602944788c2f54de4caa95126c85
WifiHotSpot version 1.0.0.0 suffers from an unquoted service path vulnerability.
759d7504346096292481e7aea13d262dd89fcd3b6cdc1ece693f18a6faa90ea3
Android suffers from memory disclosure, out-of-bounds write, and double-free vulnerabilities in NFC's Felica tag handling.
4db4d57382e328731ad76c3c97332ef31a2266fa29ee8223cb6679b86c5e37c6
Red Hat Security Advisory 2021-1518-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface. It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores. Issues addressed include denial of service and server-side request forgery vulnerabilities.
e87fb4791772030f72c602aaae9c15e3ccdeb0c201ea244532321266dcf4337a
Voting System version 1.0 suffers from a remote shell upload vulnerability.
d3348897b3fad5027085d5afcc90c51917dc30ba25e0626c0c13a1f28d45066f
Human Resource Information System version 0.1 suffers from a remote code execution vulnerability.
793cded03f1a001351077429215c60aa15d52c9f5387bc22c41ee496b43a7279
Voting System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Original discovery of SQL injection in this version is attributed to Syed Sheeraz Ali in May of 2021.
71de720e5c2debcc4767a15a91f20fed4111e55764b67db69df0d49b2ba4b9b2
Sandboxie Plus version 0.7.4 suffers from an unquoted service path vulnerability.
72191f8c626e988ebacd81860f29bd4c0956ac75cd898f32ab6881206634b83d
Sandboxie version 5.49.7 suffers from a denial of service vulnerability.
f69dd9d64e85bedc27dbb2590c9822b2fcbfdfe148b8915137d450f9dae8fa40