[FD] SEC Consult SA-20220609-0 :: Multiple vulnerabilities in SoftGuard SNMP Network Management Extension

SEC Consult Vulnerability Lab Security Advisory < 20220609-0 > === title: Multiple vulnerabilities product: SoftGuard SNMP Network Management Extension vulnerable version: SoftGuard Web (SGW) < 5.1.5

[FD] SEC Consult SA-20220608-0 :: Stored Cross-Site Scripting & Unsafe Java Deserializiation in Gentics CMS

SEC Consult Vulnerability Lab Security Advisory < 20220608-0 > === title: Stored Cross-Site Scripting & Unsafe Java Deserializiation product: Gentics CMS vulnerable version: 5.36.29, see section below

[FD] SEC Consult SA-20220607-0 :: Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera

SEC Consult Vulnerability Lab Security Advisory < 20220607-0 > === title: Multiple Vulnerabilities product: Infiray IRAY-A8Z3 thermal camera vulnerable version: V1.0.957 fixed version: None

[FD] HNS-2022-02 - HN Security Advisory - Multiple vulnerabilities in Zyxel zysh

Dear Full Disclosure, Find attached a security advisory that details multiple vulnerabilities we discovered in the zysh shell distributed with some Zyxel products, including their security appliances. * Title: Multiple vulnerabilities in Zyxel zysh * Products: Zyxel firewalls, AP controllers,

[FD] Hidden Functionality (Backdoor) (CWE-912) / CVE-2022-29854, CVE-2022-29855

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Advisory ID: SYSS-2022-021 Product: Mitel 6800/6900 Series SIP Phones excluding 6970 Mitel 6900 Series IP (MiNet) Phones Manufacturer: Mitel Networks Corporation Affected

[FD] Trojan-Banker.Win32.Banbra.cyt / Insecure Permissions

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/e0f2bee25dd103d92e91e895e313ec34.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Banker.Win32.Banbra.cyt Vulnerability: Insecure Permissions Description: The

[FD] Backdoor.Win32.Cabrotor.10.d / Unauthenticated Remote Command Execution

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/40acf109fa9621eae6930ef18f804909.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Backdoor.Win32.Cabrotor.10.d Vulnerability: Unauthenticated Remote Command Execution

[FD] Trojan-Proxy.Win32.Symbab.o / Heap Corruption

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/bffc519fbaf2d119bd307cd22368cdc7.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Proxy.Win32.Symbab.o Vulnerability: Heap Corruption Description: The malware

[FD] Trojan-Banker.Win32.Banker.agzg / Insecure Permissions

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/ef1e59148c9a902ae5454760aaab73fe.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Trojan-Banker.Win32.Banker.agzg Vulnerability: Insecure Permissions Description: The

[FD] Ransom.Haron / Code Execution

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/dedad693898bba0e4964e6c9a749d380.txt Contact: malvul...@gmail.com Media: twitter.com/malvuln Threat: Ransom.Haron Vulnerability: Code Execution Description: Haron looks for and executes

[FD] [SYSS-2022-024]: Lepin EP-KP001 - Violation of Secure Design Principles (CWE-657) (CVE-2022-29948)

Advisory ID: SYSS-2022-024 Product: EP-KP001 Manufacturer: Lepin Affected Version(s): KP001_V19 Tested Version(s): KP001_V19 Vulnerability Type:Violation of Secure Design Principles (CWE-657) Risk Level:High

[FD] [SYSS-2022-017]: Verbatim Fingerprint Secure Portable Hard Drive - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385)

Advisory ID: SYSS-2022-017 Product: Fingerprint Secure Portable Hard Drive Manufacturer: Verbatim Affected Version(s): #53650 Tested Version(s): #53650 Vulnerability Type:Insufficient Verification of Data Authenticity (CWE-345)

[FD] [SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

Advisory ID: SYSS-2022-016 Product: Fingerprint Secure Portable Hard Drive Manufacturer: Verbatim Affected Version(s): #53650 Tested Version(s): #53650 Vulnerability Type:Missing Immutable Root of Trust in Hardware (CWE-1326)

[FD] [SYSS-2022-015]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

Advisory ID: SYSS-2022-015 Product: Fingerprint Secure Portable Hard Drive Manufacturer: Verbatim Affected Version(s): #53650 Tested Version(s): #53650 Vulnerability Type:Use of a Cryptographic Primitive with a Risky

[FD] [SYSS-2022-014]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)

Advisory ID: SYSS-2022-014 Product: Fingerprint Secure Portable Hard Drive Manufacturer: Verbatim Affected Version(s): #53650 Tested Version(s): #53650 Vulnerability Type:Use of a Cryptographic Primitive with a Risky

[FD] [SYSS-2022-013]: Verbatim Executive Fingerprint Secure SSD - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385)

Advisory ID: SYSS-2022-013 Product: Executive Fingerprint Secure SSD Manufacturer: Verbatim Affected Version(s): GDMSFE01-INI3637-C VER1.1 Tested Version(s): GDMSFE01-INI3637-C VER1.1 Vulnerability Type:Insufficient Verification

[FD] [SYSS-2022-011]: Verbatim Executive Fingerprint Secure SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

Advisory ID: SYSS-2022-011 Product: Executive Fingerprint Secure SSD Manufacturer: Verbatim Affected Version(s): GDMSFE01-INI3637-C VER1.1 Tested Version(s): GDMSFE01-INI3637-C VER1.1 Vulnerability Type:Missing Immutable Root of

[FD] [SYSS-2022-010]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

Advisory ID: SYSS-2022-010 Product: Executive Fingerprint Secure SSD Manufacturer: Verbatim Affected Version(s): GDMSFE01-INI3637-C VER1.1 Tested Version(s): GDMSFE01-INI3637-C VER1.1 Vulnerability Type:Use of a Cryptographic

[FD] [SYSS-2022-009]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)

Advisory ID: SYSS-2022-009 Product: Executive Fingerprint Secure SSD Manufacturer: Verbatim Affected Version(s): GDMSFE01-INI3637-C VER1.1 Tested Version(s): GDMSFE01-INI3637-C VER1.1 Vulnerability Type:Use of a Cryptographic

[FD] [SYSS-2022-008]: Verbatim Store 'n' Go Secure Portable HDD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)

Advisory ID: SYSS-2022-008 Product: Store 'n' Go Secure Portable HDD Manufacturer: Verbatim Affected Version(s): GD25LK01-3637-C VER4.0 Tested Version(s): GD25LK01-3637-C VER4.0 Vulnerability Type:Expected Behavior Violation

[FD] [SYSS-2022-007]: Verbatim Store 'n' Go Secure Portable HDD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

Advisory ID: SYSS-2022-007 Product: Store 'n' Go Secure Portable HDD Manufacturer: Verbatim Affected Version(s): GD25LK01-3637-C VER4.0 Tested Version(s): GD25LK01-3637-C VER4.0 Vulnerability Type:Missing Immutable Root of Trust

[FD] [SYSS-2022-006]: Verbatim Store 'n' Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

Advisory ID: SYSS-2022-006 Product: Store 'n' Go Secure Portable HDD Manufacturer: Verbatim Affected Version(s): GD25LK01-3637-C VER4.0 Tested Version(s): GD25LK01-3637-C VER4.0 Vulnerability Type:Use of a Cryptographic Primitive

[FD] [SYSS-2022-005]: Verbatim Store 'n' Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)

Advisory ID: SYSS-2022-005 Product: Store 'n' Go Secure Portable HDD Manufacturer: Verbatim Affected Version(s): GD25LK01-3637-C VER4.0 Tested Version(s): GD25LK01-3637-C VER4.0 Vulnerability Type:Use of a Cryptographic Primitive

[FD] [SYSS-2022-004]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Expected Behavior Violation (CWE-440) (CVE-2022-28386)

Advisory ID: SYSS-2022-004 Product: Keypad Secure USB 3.2 Gen 1 Drive Manufacturer: Verbatim Affected Version(s): Part Number #49428 Tested Version(s): Part Number #49428 Vulnerability Type:Expected Behavior Violation (CWE-440)

[FD] [SYSS-2022-003]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

Advisory ID: SYSS-2022-003 Product: Keypad Secure USB 3.2 Gen 1 Drive Manufacturer: Verbatim Affected Version(s): Part Number #49428 Tested Version(s): Part Number #49428 Vulnerability Type:Missing Immutable Root of Trust in

[FD] [SYSS-2022-002]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

Advisory ID: SYSS-2022-002 Product: Keypad Secure USB 3.2 Gen 1 Drive Manufacturer: Verbatim Affected Version(s): Part Number #49428 Tested Version(s): Part Number #49428 Vulnerability Type:Use of a Cryptographic Primitive with a

[FD] [SYSS-2022-001]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)

Advisory ID: SYSS-2022-001 Product: Keypad Secure USB 3.2 Gen 1 Drive Manufacturer: Verbatim Affected Version(s): Part Number #49428 Tested Version(s): Part Number #49428 Vulnerability Type:Use of a Cryptographic Primitive with a