Threat: Backdoor.Win32.Delf.gj
Vulnerability: Information Disclosure
Description: The malware listens on TCP port 80. Third-party adversaries
who can reach an infected system can pass…
Two security vulnerabilities have been discovered in Cacti, a web
interface for graphing of monitoring systems, which could result in
unauthenticated command injection or LDAP authentication bypass.
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a users logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`.
Todd Eisenberger discovered that certain versions of GNU Compiler
Collection (GCC) could be made to clobber the status flag of RDRAND
and RDSEED with specially crafted input. This could potentially lead
to less randomness in random number generation.
It was discovered that protobuf did not properly manage memory when serializing
large messages. An attacker could possibly use this issue to cause applications
using protobuf to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2015-5237)
It was discovered that protobuf did not properly manage memory when parsing
specifically crafted messages. An attacker could possibly use this issue to
cause applications using protobuf to crash, resulting in a denial of service.
(CVE-2022-1941)
USN-5767-1 fixed a vulnerability in Python. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Python incorrectly handled certain IDNA inputs.
An attacker could possibly use this issue to expose sensitive information
denial of service, or cause a crash.
(CVE-2022-45061)