ZDI-22-437: Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

March 7, 2022

Read Time:12 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-22-438: Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

March 7, 2022

Read Time:12 Second

Advisories

ZDI-22-439: Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

March 7, 2022

Read Time:12 Second

Advisories

ZDI-22-440: Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

March 7, 2022

Read Time:12 Second

Advisories

DSA-5092 linux – security update

March 7, 2022

Read Time:7 Second

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

News

Conti ransomware, which leaked ransomware victims’ data, has its own data leaked

March 6, 2022

Read Time:11 Second

Oh how embarrassing for the criminal gang who extorted millions from businesses by threatening to leak their data, that someone leaked some 160,000 messages between their members as well as their malware source code.

Advisories

USN-5314-1: Firefox vulnerabilities

March 6, 2022

Read Time:25 Second

A use-after-free was discovered when removing an XSLT parameter in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could exploit this to cause a denial of service, or
execute arbitrary code. (CVE-2022-26485)

A use-after-free was discovered in the WebGPU IPC framework. If a user
were tricked into opening a specially crafted website, an attacker could
exploit this to cause a denial of service, or execute arbitrary code.
(CVE-2022-26486)

Advisories

DSA-5090 firefox-esr – security update

March 6, 2022

Read Time:6 Second

Two security issues have been found in the Mozilla Firefox web browser,
which result in the execution of arbitrary code.

Advisories

DSA-5091 containerd – security update

March 6, 2022

Read Time:5 Second

Felix Wilhelm discovered that the containerd container runtime was
susceptible to information disclosure via malformed container images.

News

Friday Squid Blogging: Far Side Cartoon

March 4, 2022

Read Time:10 Second

Squid, of course.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Cyber Security News

ZDI-22-437: Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-22-438: Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ZDI-22-439: Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

ZDI-22-440: Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

DSA-5092 linux – security update

Conti ransomware, which leaked ransomware victims’ data, has its own data leaked

USN-5314-1: Firefox vulnerabilities

DSA-5090 firefox-esr – security update

DSA-5091 containerd – security update

Friday Squid Blogging: Far Side Cartoon

News, Advisories and much more