VMware Releases Security Updates for Multiple products

VVMware has released security updates to address multiple vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisories VMSA-2022-0031,...

PT-2022-26006 · Daikin · Daikin Svmpc1 +1

Name of the Vulnerable Software and Affected Versions: Daikin SVMPC1 versions 2.1.22 and prior Daikin SVMPC2 versions 1.2.3 and prior Description: The issue allows an attacker to obtain user login credentials and control the system. Recommendations: For Daikin SVMPC1 versions 2.1.22 and prior,...

PT-2022-6253 · Delta Electronics · Delta Electronics Dvw-W02W2-E2

Name of the Vulnerable Software and Affected Versions: Delta Electronics DVW-W02W2-E2 version 1.5.0.10 Description: The issue is related to a command injection vulnerability via crafted URLs in the web server of the Delta Electronics DVW-W02W2-E2 device. This vulnerability is due to the failure t...

Fortinet Releases Security Updates for FortiOS

Fortinet has released security updates to address a heap-based buffer overflow vulnerability CVE-2022-42475 in FortiOS. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators t...

Authentication flaw

UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service...

The vulnerabilities of the System Control Interface and AsusSwitch drivers, along with the AsusLiveUpdate.dll library for Windows operating systems, allow a hacker to write or delete any files from the Temp directory.

The vulnerability of the System Control Interface and AsusSwitch drivers, as well as the AsusLiveUpdate.dll library for Windows operating systems, is related to incorrect default permissions. Exploiting this vulnerability can allow an attacker to write or delete any files from the Temp directory...

The vulnerability of the System Control Interface and AsusSwitch drivers for Windows operating systems allows attackers to enhance their privileges.

The vulnerability of the System Control Interface and AsusSwitch drivers for Windows operating systems is related to incorrect default permissions. Exploiting this vulnerability can allow an attacker to increase their privileges within the system...

CVE-2022-36439

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...

CVE-2022-36438

AsusSwitch.exe on ASUS personal computers running Windows sets weak file permissions, leading to local privilege escalation this also can be used to delete files within the system arbitrarily. This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0...

CVE-2022-36439

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...

Privilege escalation

AsusSwitch.exe on ASUS personal computers running Windows sets weak file permissions, leading to local privilege escalation this also can be used to delete files within the system arbitrarily. This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0...

Design/Logic Flaw

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...

CVE-2022-36439

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...

CVE-2022-36438

AsusSwitch.exe on ASUS personal computers running Windows sets weak file permissions, leading to local privilege escalation this also can be used to delete files within the system arbitrarily. This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0...

ASUS System Control Interface 安全漏洞

ASUS System Control Interface is a computer system control interface from ASUS, a Chinese company. A security vulnerability exists in ASUS System Control Interface versions prior to 3.1.5.0 and AsusSwitch.exe versions prior to 1.0.10.0, which stems from weak file permissions and results in elevat...

ASUS System Control Interface 安全漏洞

ASUS System Control Interface is a computer system control interface from ASUS, China. privilege to delete another, more privileged file...

CVE-2022-36439

CVE-2022-36439 affects ASUS System Control Interface components on Windows: AsusSoftwareManager.exe before 1.0.53.0, AsusLiveUpdate.dll before 1.0.45.0, and System Control Interface before 3.1.5.0. A local attacker could write to the Temp directory and delete a more privileged file using SYSTEM p...

PT-2022-5315 · Asus +1 · Asussoftwaremanager.Exe +3

Name of the Vulnerable Software and Affected Versions: ASUS System Control Interface versions prior to 3.1.5.0 AsusSoftwareManager.exe versions prior to 1.0.53.0 AsusLiveUpdate.dll versions prior to 1.0.45.0 Description: The issue is related to incorrect default permissions in the System Control...

CVE-2022-36439

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...

PT-2022-5314 · Asus +1 · Asusswitch.Exe +2

Name of the Vulnerable Software and Affected Versions: ASUS System Control Interface versions prior to 3.1.5.0 AsusSwitch.exe versions prior to 1.0.10.0 Description: The issue is related to incorrect default permissions in the System Control Interface and AsusSwitch drivers for Windows operating...