Lucene search

789 matches found

CVE
added 2022/09/06 12:00 a.m. | 62 views

CVE-2022-36040

CVE-2022-36040 affects Rizin up to version 0.4.0. It is an out-of-bounds write when getting data from PYC (Python) files, and a user opening a malicious PYC could cause code execution on the local system. The patch is recorded in commit 68948017423a12786704e54227b8b2f918c2fd27; advisories note up...

7.8 CVSS | 7.6 AI score | 0.00291 EPSS
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2022/09/06 12:00 a.m. | 13 views

CVE-2022-36040 Rizin Out-of-bounds Write vulnerability in pyc/marshal.c

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to an out-of-bounds write when getting data from PYC (Python) files. A user opening a malicious PYC file could be affected by this vulnerability, allowing an attacker to execute code ...

7.8 CVSS | 7.9 AI score | 0.00291 EPSS
Exploits 0 | References 5
CVE
added 2022/09/06 12:00 a.m. | 57 views

CVE-2022-36042

Rizin (versions ≤ 0.4.0) is vulnerable to an out-of-bounds write when processing dyld cache data, allowing code execution if a user opens a crafted dyld cache. The issue is tracked as CVE-2022-36042. A patch is available in commit 556ca2f9eef01ec0f4a76d1fbacfcf3a87a44810. Related advisories refer...

7.8 CVSS | 7.6 AI score | 0.00488 EPSS
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2022/09/01 12:00 a.m. | 2 views

Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor Security Vulnerability

The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. A security vulnerability exists in the Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor that stems from multiple binary application files on the CMS8000 device...

4.4 CVSS | 5.3 AI score | 0.00033 EPSS
Exploits 0 | References 4
NVD
added 2022/08/26 12:15 a.m. | 10 views

CVE-2022-36121

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData...

5.3 CVSS | 0.00345 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2022/08/25 11:15 p.m. | 1 view

CVE-2022-36117

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If...

3.1 CVSS | 5.8 AI score | 0.00345 EPSS
Exploits 0 | References 4
NVD
added 2022/08/25 11:15 p.m. | 9 views

CVE-2022-36117

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If...

3.1 CVSS | 0.00345 EPSS
Exploits 0 | References 3
OSV
added 2022/08/25 11:15 p.m. | 1 view

CVE-2022-36117

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If...

3.1 CVSS | 5.8 AI score
Exploits 0 | References 3
NVD
added 2022/08/25 11:15 p.m. | 7 views

CVE-2022-36115

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An...

7.1 CVSS | 0.00625 EPSS
Exploits 0 | References 3
Prion
added 2022/08/25 11:15 p.m. | 10 views

Security feature bypass

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If...

2.1 CVSS | 4.1 AI score | 0.00345 EPSS
Exploits 0 | References 3 | Affected Software 1
Prion
added 2022/08/25 11:15 p.m. | 15 views

Input validation

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the setValidationInfo...

2.1 CVSS | 5.3 AI score | 0.00407 EPSS
Exploits 0 | References 3 | Affected Software 1
CVE
added 2022/08/25 10:58 p.m. | 63 views

CVE-2022-36118

CVE-2022-36118 affects Blue Prism Enterprise 6.0–7.01. In a misconfigured environment exposing the Blue Prism Application server, an authenticated user can reverse‑engineer the software and bypass access controls on the SetProcessAttributes administrative function, enabling any logged‑in user to ...

5.3 CVSS | 5.2 AI score | 0.00345 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2022/08/25 10:57 p.m. | 17 views

CVE-2022-36117

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If...

4.3 AI score | 0.00345 EPSS
Exploits 0 | References 3
CNNVD
added 2022/08/25 12:00 a.m. | 2 views

Blue Prism Enterprise Security Vulnerability

Blue Prism Enterprise is an intelligent robotic process automation (RPA) software from Blue Prism UK. A security vulnerability exists in Blue Prism Enterprise versions 6.0 through 7.01 that stems from the possibility that an authenticated user could reverse engineer the Blue Prism software to...

3.1 CVSS | 5.6 AI score | 0.00345 EPSS
Exploits 0 | References 4
Wired Threat Level
added 2022/08/10 6:01 p.m. | 20 views

A Long-Awaited IoT Reverse Engineering Tool Is Finally Here

Ten years after it was first unveiled, the powerful firmware analysis platform Ofrak is now available to anyone...

3.8 AI score
Exploits 0
Prion
added 2022/08/08 3:15 p.m. | 11 views

Design/Logic Flaw

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...

5.8 CVSS | 7.1 AI score | 0.00549 EPSS
Exploits 1 | References 2 | Affected Software 1
Kitploit
added 2022/07/21 12:30 p.m. | 45 views

RESim - Reverse Engineering Software Using A Full System Simulator

Reverse engineering using a full system simulator. Dynamic analysis by instrumenting simulated hardware using Simics. Trace process trees, system calls and individual programs. Reverse execution to selected breakpoints and events. Integrated with IDA Pro™ debugging client. Fuzz with a customized AFL...

7.9 AI score
Exploits 0 | References 3
The Hacker News
added 2022/07/06 7:09 a.m. | 53 views

Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method

The operators of the Hive ransomware-as-a-service (RaaS) scheme have overhauled their file-encrypting software to fully migrate to Rust and adopt a more sophisticated encryption method. "With its latest variant carrying several major upgrades, Hive also proves it's one of the fastest evolving...

0.6 AI score
Exploits 0
Microsoft Malware Protection
added 2022/06/28 4:00 p.m. | 12 views

How security leaders can help their teams avoid burnout

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Voice of the Community blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Maria...

6.8 AI score
Exploits 0
Microsoft Secure
added 2022/06/28 4:00 p.m. | 24 views

How security leaders can help their teams avoid burnout

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Voice of the Community blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Maria...

6.8 AI score
Exploits 0