Category Archives: Advisories

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access to systems. One such vulnerability is ZDI-CAN-18333, a critical zero-day vulnerability that affects Microsoft Windows. In this article, we’ll take a closer look at what this vulnerability is, how it works, and what you can do to protect your systems.

What is ZDI-CAN-18333?

ZDI-CAN-18333 is a zero-day vulnerability that was discovered by researchers from the Zero Day Initiative (ZDI). The vulnerability affects Microsoft Windows, one of the most widely used operating systems in the world. ZDI-CAN-18333 is considered critical as it could allow attackers to execute arbitrary code on a victim’s system, potentially giving them access to sensitive information.

How does ZDI-CAN-18333 work?

The ZDI-CAN-18333 vulnerability is related to the way that Microsoft Windows processes certain types of user input. Specifically, the vulnerability is related to the way that the operating system handles the printing of documents. By exploiting this flaw, an attacker can execute arbitrary code on a victim’s system, potentially giving them access to sensitive information or allowing them to install other malware.

What can you do to protect your systems?

Microsoft has released a security patch to address the ZDI-CAN-18333 vulnerability, which should be installed as soon as possible. Additionally, users should ensure that their operating system is up to date with the latest version of Microsoft Windows, as older versions may not be eligible for security patches. It’s also recommended to follow standard security practices such as avoiding suspicious websites and downloads, using strong passwords, and enabling two-factor authentication.

Zero-day vulnerabilities like ZDI-CAN-18333 are a serious threat to cybersecurity, and it’s important to stay informed about emerging threats and take steps to protect your systems. By keeping your operating system up to date with the latest security patches and following standard security practices, you can help safeguard your system from potential attacks. Remember to stay vigilant and report any suspicious activity to your IT department or security provider.

CVE-2020-36518: A Critical Vulnerability in SolarWinds Orion Platform

The discovery of vulnerabilities in popular software can have far-reaching implications for cybersecurity. One such vulnerability is CVE-2020-36518, a critical vulnerability in the SolarWinds Orion Platform. In this article, we’ll explore what this vulnerability is, how it works, and what you can do to protect your systems.

What is CVE-2020-36518?

CVE-2020-36518 is a critical vulnerability in the SolarWinds Orion Platform, a popular network management software used by many organizations. The vulnerability could allow attackers to execute remote code on affected systems, potentially giving them access to sensitive information or allowing them to install other malware. The vulnerability was first identified in December 2020 and is considered a major threat to cybersecurity.

How does CVE-2020-36518 work?

The CVE-2020-36518 vulnerability is related to the way that the SolarWinds Orion Platform processes certain types of user input. Specifically, the vulnerability is related to the way that the software handles authentication requests. By exploiting this flaw, an attacker could potentially execute remote code on a victim’s system, allowing them to gain access to sensitive information or install other malware.

What can you do to protect your systems?

SolarWinds has released a security update to address the CVE-2020-36518 vulnerability, which should be installed as soon as possible. Additionally, it’s recommended that users of the SolarWinds Orion Platform follow standard security practices such as using strong passwords, enabling two-factor authentication, and monitoring their systems for any suspicious activity. It’s also important to stay informed about emerging threats and to take steps to secure your systems against potential attacks.

CVE-2020-36518 is a critical vulnerability in the SolarWinds Orion Platform that could have serious implications for cybersecurity. It’s crucial for organizations to stay informed about emerging threats and to take steps to protect their systems against potential attacks. By keeping their software up to date with the latest security patches, following standard security practices, and monitoring their systems for any suspicious activity, organizations can help safeguard their networks against potential threats.

CVE-2016-15024

A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability.

CVE-2014-125087

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.

CVE-2012-10007

A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The name of the patch is 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479.

xen-4.16.3-3.fc36

FEDORA-2023-dad0295b25

Packages in this update:

xen-4.16.3-3.fc36

Update description:

use OVMF.fd from new edk2-ovmf-xen package as ovmf.bin file
built from edk2-ovmf package no longer supports xen (#2170930)

x86: Cross-Thread Return Address Predictions [XSA-426, CVE-2022-27672]

DSA-5354 snort – security update

Multiple security vulnerabilities were discovered in snort, a flexible Network Intrusion Detection System, which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or bypass filtering technology on an affected device and exfiltrate data from a compromised host.

edk2-20221117gitfff6d81270b5-14.fc36

FEDORA-2023-e821b64a4c

Packages in this update:

edk2-20221117gitfff6d81270b5-14.fc36

Update description:

add sub-package with xen build (resolves: rhbz#2170730)

update openssl (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304).

cherry-pick aarch64 bugfixes,
set firmware build release date,
add ext4 sub-package

GoAnywhere MFT RCE Vulnerability (CVE-2023-0669) Actively Exploited

FortiGuard Labs is aware of a report that a remote code execution (RCE) vulnerability in the GoAnywhere MFT (Managed File Transfer) tool (CVE-2023-0669) is being actively exploited in the wild. The Cl0p ransomware threat actor reportedly claimed to have leveraged the vulnerability to compromise vulnerable GoAnywhere MFT servers and steal data from over 130 organizations. FortiGuard Labs has an Outbreak Alert writeup page that contains additional information on CVE-2023-0669, including a comprehensive list of protections, which can be found here.

Why is this Significant?

This is significant because an RCE vulnerability in the GoAnywhere MFT tool (CVE-2023-0669) is being actively exploited in the wild. The Cl0p ransomware group allegedly exploited the vulnerability and stole data from multiple organizations for financial extortion.

On February 10, 2023, CISA (Cybersecurity and Infrastructure Security Agency) added CVE-2023-0669 to the Known Exploited Vulnerabilities catalog.

A patch is available in version 7.1.2 and should be applied as soon as possible.

What is GoAnywhere MFT?

GoAnywhere MFT is a tool developed by Fortra that allows organizations to centralize, control and streamline internal and external file transfers.

What is CVE-2023-0669?

CVE-2023-0669 is a command injection vulnerability in GoAnywhere MFT and affects version 7.1.1 and prior. Successful exploitation of the vulnerability allows attackers to gain remote code execution on vulnerable GoAnywhere MFT installations.

The vulnerability has a CVSS score of 7.2.

Has the Vendor Released an Advisory for CVE-2023-0669?

Fortra released the advisory in their customer portal. See the Appendix for a link to “Security Advisory” (note that login is required to access the advisory).

Has the Vendor Released a Patch for CVE-2023-0669?

Yes. Fortra released a patch in version 7.1.2 on February 13, 2023.

Any Mitigation?

Fortra provided mitigation methods in the advisory. For details, see the Appendix for a link to “Security Advisory” (note that a login is required to access the advisory).

What is the Status of Protection?

FortiGuard Labs released the following IPS signature in version 22.495 for CVE-2023-0669:

Fortra.GoAnywhere.MFT.LicenseResponseServlet.Command.Injection (default action is set to “pass” – please adjust to ‘block’ for active protection)
