Windows Ancillary Function Driver for WinSock is prone to a DoS because of an integer overflow.

This update adds a new parameter to the "Ransomware Simulation" module: "RENAME FILES"; if set to TRUE, encrypted files will also be renamed by adding the .1mp4ct extension to them.

A denial of service vulnerability exists in Point-to-Point Tunneling Protocol service when an unauthenticated attacker connects to the target system and sends specially crafted requests.

This update adds a couple modules to simulate a ransomware attack in a previously exploited host. "Ransomware Simulation" to run the simulated ransomware attack. "Files Decryption after Ransomware Simulation" to decrypt previously encrypted files.

An athentication bypass present in iControl REST of F5 BIG-IP allows unauthenticated remote attackers to execute OS commands as root.

The customError.ftl filter in VMware Workspace ONE Access allows remote attackers to achieve remote code execution via server-side template injection.

An unsafe data binding used to populate an object from request parameters (either query parameters or form data) to set a Tomcat specific ClassLoader in Spring MVC and Spring WebFlux applications allows unauthenticated attackers to upload and execute a JSP file in the Tomcat virtual file system webapps directory.

A deserialization vulnerability present in the OpenssoEngineController component of Oracle Access Manager allows a unauthenticated attacker with network access via HTTP to execute system commands.

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel's watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.

This module exploits a vulnerability in Apache APISIX batch requests plugin to perform a remote code execution.