Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.

Read More

FEDORA-2022-1f829990f0

Packages in this update:

golang-1.18.5-1.fc36

Update description:

go1.18.5 includes security fixes to the encoding/gob and math/big packages, as well as bug fixes to the compiler, the go command, the runtime, and the testing package.

Upstream notes.

Read More

This vulnerability allows local attackers to disclose sensitive information on affected installations of NetBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Read More

This vulnerability allows local attackers to disclose sensitive information on affected installations of NetBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Read More

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability.

Read More

Posted by malvuln on Aug 01

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/c790749f851d48e66e7d59cc2e451956_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Destrukor.20
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 6969. Third-party adversaries
who can reach infected hosts can run commands made available by the…

Read More

Posted by malvuln on Aug 01

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/c790749f851d48e66e7d59cc2e451956.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Destrukor.20
Vulnerability: Authentication Bypass
Description: The malware listens on TCP port 6969. However, after sending a
specific cmd “rozmiar” the backdoor returns “moznasciagac” in Polish…

Read More

Two security vulnerabilities were discovered in Jetty, a Java servlet engine
and webserver.

Read More

FEDORA-2022-513f28a4be

Packages in this update:

webkit2gtk3-2.36.5-2.fc35

Update description:

Add support for PAC proxy in the WebDriver implementation.
Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser.
Fix several crashes and rendering issues.
Security fixes: CVE-2022-32792, CVE-2022-32816

Read More

FEDORA-EPEL-2022-ced30d9530

Packages in this update:

golang-1.17.12-1.el7

Update description:

Update to 1.17.12, security fixes for CVE-2022-30629, CVE-2022-1705, CVE-2022-32148, CVE-2022-30631, CVE-2022-28131, CVE-2022-30633, CVE-2022-30632, CVE-2022-30635, CVE-2022-30630, CVE-2022-1962

Read More