This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability.
Category Archives: Advisories
ZDI-22-757: Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
USN-5393-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
conduct spoofing attacks, or execute arbitrary code. (CVE-2022-1097,
CVE-2022-1196, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285,
CVE-2022-28286, CVE-2022-28289)
It was discovered that Thunderbird ignored OpenPGP revocation when
importing a revoked key in some circumstances. An attacker could
potentially exploit this by tricking the user into trusting the
authenticity of a message or tricking them into use a revoked key to
send an encrypted message. (CVE-2022-1197)
CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
mingw-freetype-2.11.0-2.fc35
FEDORA-2022-0985b0cb9f
Packages in this update:
mingw-freetype-2.11.0-2.fc35
Update description:
Backport fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406
mingw-freetype-2.11.1-3.fc36
FEDORA-2022-539ff0cd2e
Packages in this update:
mingw-freetype-2.11.1-3.fc36
Update description:
Backport fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406
Backdoor.Win32.Agent.aegg / Weak Hardcoded Credentials
Posted by malvuln on Apr 27
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/58be35e792476d1c015df7853112d200.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Agent.aegg
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 8665. Authentication is
required, however the password “Xc 2870508” is weak and hardcoded within
the PE file.
Family: Agent…
Trojan-Downloader.Win32.Agent / Insecure Permissions
Posted by malvuln on Apr 27
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/fb3ac3c9d808de7f4b5ede68715f658f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan-Downloader.Win32.Agent
Vulnerability: Insecure Permissions
Description: The malware writes a PE file to the “WindowsSystem” directory
granting change (C) permissions to the authenticated user group. Standard
users can rename the…
Backdoor.Win32.Cafeini.b / Port Bounce Scan
Posted by malvuln on Apr 27
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/851f8945d1b5923990f4722d627156a0_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Port Bounce Scan
Description: The malware runs an FTP server on TCP port 23. Third-party
adversaries who successfully logon can abuse the backdoor FTP server as a
man-in-the-middle machine allowing PORT…
Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials
Posted by malvuln on Apr 27
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/851f8945d1b5923990f4722d627156a0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Cafeini.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 23. Authentication is
required, however the credentials test:test are weak and hardcoded within
the PE file.
Family: Cafeini
Type: PE32…