Read Time:7 Second
FEDORA-2022-5b644a935b
Packages in this update:
bash-5.1.8-3.fc35
Update description:
Add a null check in parameter_brace_transform() function
Category Archives: Advisories
bash-5.1.16-4.fc37
Read Time:7 Second
FEDORA-2022-bf387ff344
Packages in this update:
bash-5.1.16-4.fc37
Update description:
Add a null check in parameter_brace_transform() function
Backdoor.Win32.Augudor.b / Remote File Write Code Execution
Read Time:21 Second
Posted by malvuln on Sep 27
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Augudor.b
Vulnerability: Remote File Write Code Execution
Description: The malware drops an empty file named “zy.exe” and listens on
TCP port 810. Third-party adversaries who can reach the infected host can…
Backdoor.Win32.Psychward.b / Weak Hardcoded Credentials
Read Time:19 Second
Posted by malvuln on Sep 27
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Psychward.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 8888 and requires
authentication. However, the password “4174” is weak and hardcoded in
cleartext within the PE…
Backdoor.Win32.Bingle.b / Weak Hardcoded Credentials
Read Time:20 Second
Posted by malvuln on Sep 27
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/eacaa12336f50f1c395663fba92a4d32.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Bingle.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware is packed using ASPack 2.11, listens on TCP port
22 and requires authentication. However, the password “let me in” is weak
and…
SEC Consult SA-20220923-0 :: Multiple Memory Corruption Vulnerabilities in COVESA (Connected Vehicle Systems Alliance) DLT daemon
Read Time:16 Second
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 27
SEC Consult Vulnerability Lab Security Advisory < 20220923-0 >
=======================================================================
title: Multiple Memory Corruption Vulnerabilities
product: COVESA DLT daemon (Diagnostic Log and Trace)
Connected Vehicle Systems Alliance (COVESA), formerly GENIVI
vulnerable version: <= 2.18.8
fixed version: current master branch commit…
python-dnslib-0.9.21-1.el8
Read Time:8 Second
FEDORA-EPEL-2022-6319bfdcaa
Packages in this update:
python-dnslib-0.9.21-1.el8
Update description:
Update to latest upstream release 0.9.21
python-dnslib-0.9.21-1.fc38
Read Time:19 Second
FEDORA-2022-96c31cc8f6
Packages in this update:
python-dnslib-0.9.21-1.fc38
Update description:
Automatic update for python-dnslib-0.9.21-1.fc38.
Changelog
* Tue Sep 27 2022 Fabian Affolter <mail@fabian-affolter.ch> – 0.9.21-1
– Update to latest upstream release 0.9.21
– Fix for CVE-2022-22846 (closes rhbz#2042610, closes rhbz#2042611)
DSA-5239 gdal – security update
Read Time:12 Second
A heap-based buffer overflow vulnerability was discovered in gdal, a
Geospatial Data Abstraction Library, which could result in denial of
service or potentially the execution of arbitrary code, if a specially
crafted file is processed with the PCIDSK driver.
DSA-5238 thunderbird – security update
Read Time:6 Second
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.