Design/Logic Flaw

A vulnerability has been identified in Parasolid V33.1 All versions = V33.1.262 = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application contains an out of bounds write past the end of an allocated buffer while...

LIEF 缓冲区错误漏洞

LIEF is a cross-platform library from the individual developer Romain Thomas. It is used to parse, modify and abstract Elf, Pe and MachO formats. LIEF has a security vulnerability that stems from a heap buffer overflow in the printbinary function in /c/machoreader.c. The vulnerability is caused b...

SAP Business One 代码问题漏洞

SAP Business One is a set of enterprise management software from SAP. The software includes functionality for financial management, operations management, and human resource management. A code issue vulnerability exists in the SAP Business One application that originates from the creation of a...

CVE-2022-36070

Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. git config. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to th...

Backdoor.Win32.Winshell.5_0 MVID-2022-0633 Hardcoded Credential

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/5bc5f72d19019a2fa3b75896e82ae1e5.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Winshell.50 Vulnerability: Weak Hardcoded Credentials Description: The...

CVE-2022-38176

An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as...

CVE-2022-36670

PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable...

CVE-2022-37771

IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable...

CVE-2022-36670

PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable...

CVE-2022-37771

CVE-2022-37771 affects IObit Malware Fighter v9.2 on Windows, where lack of tamper protection lets an authenticated Administrator modify application processes and escalate to SYSTEM via a crafted executable. The issue is described as a local vulnerability with high impact on confidentiality, inte...

Symantec PCProtect Endpoint 安全漏洞

Symantec PCProtect Endpoint is an antivirus program from Symantec USA. A security vulnerability exists in Symantec PCProtect Endpoint prior to v5.17.470, which stems from a lack of tamper protection and allows an authenticated attacker with administrator privileges to modify processes in the...

PT-2022-24061 · Iobit · Iobit Malware Fighter

Name of the Vulnerable Software and Affected Versions: IObit Malware Fighter version 9.2 Description: The issue allows authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable, due to the lack of...

IObit Malware Fighter 安全漏洞

IOBit Malware Fighter is a suite of antivirus software for Windows-based platforms from IOBit. The program has anti-malware and virus protection features. A security vulnerability exists in IObit Malware Fighter v9.2, which is caused by allowing an authenticated attacker with administrator...

PT-2022-10447 · Qualcomm · Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue arises due to insufficient validation of ELF headers, leading to an incorrect calculation of buffer size in the boot process. This can result in memory corruption in...

DEBIAN-CVE-2022-1976

A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation...

Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope

A persistent Golang-based malware campaign dubbed GOWEBBFUSCATOR has leveraged the deep field image taken from NASA's James Webb Space Telescope JWST as a lure to deploy malicious payloads on infected systems. The development, revealed by Securonix, points to the growing adoption of Go among thre...

Exploit for CVE-2020-1472

ZeroLogon CVE-2020-1472 C++ version. This tool directly re...

CVE-2022-37173

An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe...

CVE-2022-37173

An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe...

CVE-2022-36563

Incorrect access control in the install directory C:\RailsInstaller of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...