Security
Headlines
HeadlinesLatestCVEs

Tag

#redis

Builder XtremeRAT 3.7 MVID-2022-0624 Insecure Crypto Bypass

Builder XtremeRAT malware version 3.7 suffers from an insecure cryptography implementation vulnerability that allows an attacker to login with only partial knowledge of a secret.

Packet Storm
Open in Source
#vulnerability#web#redis#backdoor#perl#auth
Builder XtremeRAT 3.7 MVID-2022-0623 Insecure Permissions

Builder XtremeRAT malware version 3.7 suffers from an insecure permissions vulnerability.

Backdoor.Win32.HoneyPot.a MVID-2022-0622 Weak Hardcoded Password

Backdoor.Win32.HoneyPot.a malware suffers from a weak hardcoded password vulnerability.

New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain

Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices.  "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an

CVE-2022-29900: 407 - Xen Security Advisories

AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CVE-2022-29901: oss-security - Xen Security Advisory 407 v1 (CVE-2022-23816,CVE-2022-23825,CVE-2022-29900) - Retbleed

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.

Insecure password leads to Mangatoon data breach

Popular comics site Mangatoon has been breached due to a poorly secured database. The post Insecure password leads to Mangatoon data breach appeared first on Malwarebytes Labs.

CVE-2021-4234: Access Server Release Notes | OpenVPN

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.

Red Hat Security Advisory 2022-5498-01

Red Hat Security Advisory 2022-5498-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include HTTP request smuggling, buffer overflow, bypass, code execution, cross site scripting, denial of service, heap overflow, information leakage, privilege escalation, remote shell upload, remote SQL injection, and traversal vulnerabilities.

EQS Integrity Line Cross Site Scripting / Information Disclosure

EQS Integrity Line versions through 2022-07-01 suffer from cross site scripting and sensitive information disclosure vulnerabilities.