Category Archives: Advisories

Backdoor.Win32.Eclipse.h / Weak Hardcoded Credentials

Read Time:19 Second

Posted by malvuln on Jul 21

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8b470931114527b4dce42034a95ebf46.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Eclipse.h
Vulnerability: Weak Hardcoded Credentials
Family: Eclipse
Type: PE32
MD5: 8b470931114527b4dce42034a95ebf46
Vuln ID: MVID-2022-0625
Disclosure: 07/21/2022
Description: The malware listens on TCP port 6210 and…

Read More

golang-github-distribution-3-2.8.0~beta.1-3.20220203gitb609265.fc36 golang-github-facebook-time-0-0.9.20220615git8413c32.fc36 golang-github-hpcloud-tail-1.0.0-11.20190325gita1dbeea.fc36 golang-github-stomp-3-3.0.2-4.fc36 onionscan-0.2-12.fc36

Read Time:27 Second

FEDORA-2022-4b5537c44c

Packages in this update:

golang-github-distribution-3-2.8.0~beta.1-3.20220203gitb609265.fc36
golang-github-facebook-time-0-0.9.20220615git8413c32.fc36
golang-github-hpcloud-tail-1.0.0-11.20190325gita1dbeea.fc36
golang-github-stomp-3-3.0.2-4.fc36
onionscan-0.2-12.fc36

Update description:

Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.

Read More

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Read Time:58 Second

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
macOS Catalina is the 16th major release of macOS
macOS Big Sur is the 17th release of macOS.
macOS Monterey is the 18th and current major release of macOS.
Safari is a graphical web browser developed by Apple.
tvOS is an operating system for fourth-generation Apple TV digital media player.
watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More