FEDORA-EPEL-2023-8c6f3e37e1

Packages in this update:

syslog-ng-3.35.1-6.el9

Update description:

Security fix for CVE-2022-38725

Read More

FEDORA-2023-d332f0b6a3

Packages in this update:

community-mysql-8.0.32-1.fc37

Update description:

MySQL 8.0.32

Release notes:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html

Read More

FEDORA-2023-e449235964

Packages in this update:

community-mysql-8.0.32-1.fc36

Update description:

MySQL 8.0.32

Release notes:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html

Read More

A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is e05e0104fc42ad13b57e2b2cb2d1857432624d39. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220219. NOTE: This attack is not very likely.

Read More

A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this issue. The name of the patch is 8649157158f921590d650e2d2f4bdf0df1017e9d. It is recommended to upgrade the affected component. VDB-220218 is the identifier assigned to this vulnerability.

Read More

FEDORA-2023-c41e8f24bb

Packages in this update:

tigervnc-1.13.0-1.fc36

Update description:

Tigervnc 1.13.0 update.

CVE-2023-0494 tigervnc: xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation

Read More

FEDORA-2023-4d443bd03f

Packages in this update:

tigervnc-1.13.0-1.fc37

Update description:

Tigervnc 1.13.0 update.

CVE-2023-0494 tigervnc: xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation

Read More

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for privilege escalation. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.

Read More

FortiGuard Labs is aware of reports that ESXi servers around the globe that are vulnerable to the VMware ESXi OpenSLP HeapOverflow vulnerability (CVE-2021-21974) are being exploited through the OpenSLP (port 427) to deliver a new ransomware “ESXiArgs”. The ransomware encrypts files in affected ESXi servers and demand a ransom for file decryption.Why is this Significant?This is significant because a new ransomware “ESXiArgs” is being deployed to ESXi servers that are prone to the VMware ESXi OpenSLP HeapOverflow vulnerability (CVE-2021-21974). The ransomware encrypts files with pre-specified file extensions and demands a ransom from victims for file decryption.A patch for CVE-2021-21974 was released almost two years ago, which lowers the impact and severity of this incident.What is ESXiArgs Ransomware?ESXiArgs is a new ransomware that encrypts files on ESXi servers and According to OSINT, the ransomware targets files with “.vmdk”, “.vmx”, “.vmxf”, “.vmsd”, “.vmsn”, “.vswp”, “.vmss”, “.nvram”, and “.vmem” file extensions. The ransomware reportedly creates a args file containing metadata for each file it encrypted. Data exfiltration has not been reported.ESXiArgs ransomware is said to be related to another ransomware “Nevada”, however we have not been able to verify the claim.What is CVE-2021-21974 (VMware ESXi OpenSLP HeapOverflow vulnerability)?CVE-2021-21974 is a heap overflow vulnerability in OpenSLP and affects VMware ESXi version 7.0, 6.7, and 6.5. The vulnerability is due to an improper boundary check condition in the application. A remote, unauthenticated attacker can exploit this to execute arbitrary code with the privileges of the OpenSLP service, via a crafted request the target server.The vulnerability has a CVSS score of 8.8 and is rated important.Has the Vendor Released a Patch for CVE-2021-21974?Yes, VMWare released a patch for CVE-2021-21974 on February 23rd, 2021.What is the Status of Protection?FortuGuard Labs provides protection for this latest attack with the following AV signatures:ELF/Filecoder.85D3!tr.ransomLinux/Agent.SR!trPython/Agent.937D!trFortiGuard Labs has the following IPS signature in place for CVE-2021-21974 (VMware ESXi OpenSLP HeapOverflow vulnerability):• VMware.ESXi.OpenSLP.Heap.Buffer.Overflow

Read More

FortiGuard Labs is aware of a report that a new malware “HeadCrab” was deployed to over 1,000 Redis servers around the globe for crypto mining attacks. HeadCrab threat actor reportedly targets internet facing Redis servers that do not require authentication.Why is this Significant?This is significant because “HeadCrab” malware was discovered to be installed on over 1,000 compromised Redis severs around the globe. While the main purpose of HeadCrab appears to be for crypto mining operations, an attacker can perform other malicious activities and deploy malware to the affected Redis servers since they are under control of the attacker. As such, vulnerable Redis servers exposed to the internet need to be either taken offline or authentication be enabled.What is HeadCrab malware?HeadCrab is a malware that was deployed to internet facing Redis servers which do not require authentication. Once the HeadCrab threat actor finds and compromises a vulnerable Redis server, the compromised server is synchronized with the attacker’s master Redis server, which serves HeadCrab malware.HeadCrab malware receives commands from the attacker’s master Redis server and performs activities accordingly. While the threat actor reportedly used HeadCrab for mining Monero crypto currency, it could be used for other malicious activities such as exfiltrating information. Also, threat actors can serve other malware and perform malicious activities on compromised Redis servers.What is the Status of Protection?FortiGuard Labs detect known HeadCrab malware samples with the following AV signatures:ELF/Miner.AF76!trELF/Agent.D9F0!trELF/Agent.E2A0!tr

Read More