Posted by malvuln on Jul 06
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/38745539b71cf201bb502437f891d799.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Ransom Lockbit 3.0
Vulnerability: Local Unicode Buffer Overflow (SEH)
Description: The ransomware apparently now requires a password to execute
as noted by “@vxunderground” E.g. “-pass…
Posted by Giovanni Pellerano on Jul 06
EQS Integrity Line: Multiple Vulnerabilities
Name Multiple Vulnerabilities in EQS Integrity Line
Systems Affected EQS Integrity Line through 2022-07-01
Severity High
Impact (CVSSv2) High 8.8/10, score: (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Vendor EQS Group AG (https://www.eqs.com/)
Advisory
http://www.ush.it/team/ush/advisory-eqs-integrity-line/eqs_integrity_line.txt
Authors Giovanni…
Posted by Aki Tuomi via Fulldisclosure on Jul 06
Affected product: Dovecot IMAP Server
Internal reference: DOV-5320
Vulnerability type: Improper Access Control (CWE-284)
Vulnerable version: 2.2
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed in main
Researcher credits: Julian Brook (julezman)
Vendor notification: 2022-05-06
CVE reference: CVE-2022-30550
CVSS: 6.8 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)
Vulnerability Details:
When two passdb…
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.
