Category Archives: Advisories

ZDI-22-959: (0Day) Vinchin Backup and Recovery MySQL Server Use of Hard-coded Credentials Authentication Bypass Vulnerability

July 8, 2022

Read Time:7 Second

This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery. Authentication is not required to exploit this vulnerability.

Advisories

USN-5507-1: Vim vulnerabilities

July 8, 2022

Read Time:20 Second

It was discovered that Vim incorrectly handled memory access. An attacker
could potentially use this issue to cause the program to crash, use unexpected
values, or execute arbitrary code. (CVE-2022-1968)

It was discovered that Vim incorrectly handled memory access. An attacker
could potentially use this issue to cause the corruption of sensitive
information, a crash, or arbitrary code execution.
(CVE-2022-1897, CVE-2022-1942)

Advisories

DSA-5179 php7.4 – security update

July 8, 2022

Read Time:9 Second

Charles Fol discovered two security issues in PHP, a widely-used open
source general purpose scripting language which could result an denial of
service or potentially the execution of arbitrary code:

Advisories

USN-5479-3: PHP regression

July 7, 2022

Read Time:34 Second

USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for
CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)

Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)

Advisories