Backdoor.Win32.Augudor.b MVID-2022-0644 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Augudor.b Vulnerability: Remote File Write Code Execution Description: The...

CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable...

CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable...

PT-2022-19291 · F Secure +1 · F-Secure +1

Name of the Vulnerable Software and Affected Versions: F-Secure and WithSecure products affected versions not specified Description: A Denial-of-Service issue was discovered in F-Secure and WithSecure products. The aerdl.so or aerdl.dll component may enter an infinite loop when unpacking PE files...

CVE-2022-35025

OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8...

Malicious NPM Package Caught Mimicking Material Tailwind CSS Package

A malicious NPM package has been found masquerading as the legitimate software library for Material Tailwind, once again indicating attempts on the part of threat actors to distribute malicious code in open source software repositories. Material Tailwind is a CSS-based framework advertised by its...

CVE-2022-38532

Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component CFeatures of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable...

CVE-2022-38532

Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component CFeatures of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable...

CVE-2022-38532

Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component CFeatures of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable...

CVE-2022-40978

The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerable to EXE search order hijacking...

PT-2022-24440 · Msi · Msi Center

Name of the Vulnerable Software and Affected Versions: MSI Center version 1.0.50.0 Description: The issue allows attackers to escalate privileges via running a crafted executable, exploiting a vulnerability in the component C Features of MSI.CentralServer.exe. Recommendations: For version 1.0.50....

JetBrains IntelliJ IDEA 代码问题漏洞

JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA versions prior to 2022.2.2, which stems from the vulnerability of the installer to an EXE search command...

Micro-Star International MSI Center 安全漏洞

Micro-Star International MSI Center is a monitoring and management platform from Micro-Star International China. All your favorite features can be found on the feature set page, such as Game Mode or Smart Priority. A security vulnerability exists in Micro-Star International MSI Center version...

CVE-2022-3214

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing...

CVE-2022-3214

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to 1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing...

CVE-2022-35292

In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to...

CVE-2022-35292

In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to...

Design/Logic Flaw

A vulnerability has been identified in Parasolid V33.1 All versions = V33.1.262 = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while...

LIEF 缓冲区错误漏洞

LIEF is a cross-platform library from the individual developer Romain Thomas. It is used to parse, modify and abstract Elf, Pe and MachO formats. LIEF has a security vulnerability that stems from a heap buffer overflow in the printbinary function in /c/machoreader.c. The vulnerability is caused b...

SAP Business One 代码问题漏洞

SAP Business One is a set of enterprise management software from SAP. The software includes functionality for financial management, operations management, and human resource management. A code issue vulnerability exists in the SAP Business One application that originates from the creation of a...