Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).
Category Archives: Advisories
CVE-2021-27853
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
bash-5.1.16-3.fc36
FEDORA-2022-4ff296fe8e
Packages in this update:
bash-5.1.16-3.fc36
Update description:
Add a null check in parameter_brace_transform() function
bash-5.1.8-3.fc35
FEDORA-2022-5b644a935b
Packages in this update:
bash-5.1.8-3.fc35
Update description:
Add a null check in parameter_brace_transform() function
bash-5.1.16-4.fc37
FEDORA-2022-bf387ff344
Packages in this update:
bash-5.1.16-4.fc37
Update description:
Add a null check in parameter_brace_transform() function
Backdoor.Win32.Augudor.b / Remote File Write Code Execution
Posted by malvuln on Sep 27
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Augudor.b
Vulnerability: Remote File Write Code Execution
Description: The malware drops an empty file named “zy.exe” and listens on
TCP port 810. Third-party adversaries who can reach the infected host can…
Backdoor.Win32.Psychward.b / Weak Hardcoded Credentials
Posted by malvuln on Sep 27
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Psychward.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 8888 and requires
authentication. However, the password “4174” is weak and hardcoded in
cleartext within the PE…
Backdoor.Win32.Bingle.b / Weak Hardcoded Credentials
Posted by malvuln on Sep 27
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/eacaa12336f50f1c395663fba92a4d32.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Bingle.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware is packed using ASPack 2.11, listens on TCP port
22 and requires authentication. However, the password “let me in” is weak
and…
SEC Consult SA-20220923-0 :: Multiple Memory Corruption Vulnerabilities in COVESA (Connected Vehicle Systems Alliance) DLT daemon
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 27
SEC Consult Vulnerability Lab Security Advisory < 20220923-0 >
=======================================================================
title: Multiple Memory Corruption Vulnerabilities
product: COVESA DLT daemon (Diagnostic Log and Trace)
Connected Vehicle Systems Alliance (COVESA), formerly GENIVI
vulnerable version: <= 2.18.8
fixed version: current master branch commit…
python-dnslib-0.9.21-1.el8
FEDORA-EPEL-2022-6319bfdcaa
Packages in this update:
python-dnslib-0.9.21-1.el8
Update description:
Update to latest upstream release 0.9.21