Category Archives: Advisories

chromium-103.0.5060.114-1.el8

Read Time:18 Second

FEDORA-EPEL-2022-89ad385971

Packages in this update:

chromium-103.0.5060.114-1.el8

Update description:

Update to 103.0.5060.114. Fixes:

CVE-2022-2156 CVE-2022-2157 CVE-2022-2158 CVE-2022-2160 CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164 CVE-2022-2165 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296

Read More

chromium-103.0.5060.114-1.el9

Read Time:18 Second

FEDORA-EPEL-2022-6bc3fba14e

Packages in this update:

chromium-103.0.5060.114-1.el9

Update description:

Update to 103.0.5060.114. Fixes:

CVE-2022-2156 CVE-2022-2157 CVE-2022-2158 CVE-2022-2160 CVE-2022-2161 CVE-2022-2162 CVE-2022-2163 CVE-2022-2164 CVE-2022-2165 CVE-2022-2294 CVE-2022-2295 CVE-2022-2296

Read More

[CFP] 2nd International Workshop on Cyber Forensics and Threat Investigations Challenges CFTIC 2022 (Virtual)

Read Time:22 Second

Posted by Andrew Zayine on Jul 18

2nd International Workshop on Cyber Forensics and Threat
Investigations Challenges
October 10-11, 2022, Taking Place Virtually from the UK
https://easychair.org/cfp/CFTIC2022

Cyber forensics and threat investigations has rapidly emerged as a new
field of research to provide the key elements for maintaining
security, reliability, and trustworthiness of the next generation of
emerging technologies such as the internet of things, cyber-physical…

Read More

Builder XtremeRAT v3.7 / Insecure Crypto Bypass

Read Time:19 Second

Posted by malvuln on Jul 18

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Builder XtremeRAT v3.7
Vulnerability: Insecure Crypto Bypass
Description: The malware builds backdoors and requires authentication to
access the GUI using credentials stored in the “user.info” config file.
XtremeRAT…

Read More

Builder XtremeRAT v3.7 / Insecure Permissions

Read Time:20 Second

Posted by malvuln on Jul 18

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/7f314e798c150aedd9ce41ed39318f65.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Builder XtremeRAT v3.7
Vulnerability: Insecure Permissions
Description: The malware builds and writes a PE file to c drive granting
change (C) permissions to the authenticated user group. Standard users can
rename the executable…

Read More

Backdoor.Win32.HoneyPot.a / Weak Hardcoded Password

Read Time:19 Second

Posted by malvuln on Jul 18

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/e3bb503f9b02cf57341695f30e31128f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.HoneyPot.a
Vulnerability: Weak Hardcoded Password
Description: The malware listens on various TCP ports of which one can be
port 21 when enabled. Authentication is required, however the credentials…

Read More

SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS

Read Time:20 Second

Posted by David Brown via Fulldisclosure on Jul 18

Title
=====

SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2022-28888

Link
====

https://www.schutzwerk.com/en/43/advisories/schutzwerk-sa-2022-003/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2022-003.txt

Affected products/vendor
========================

Spryker Commerce OS by Spryker Systems GmbH, with…

Read More