Category Archives: Advisories

CVE-2020-6220

Read Time:13 Second

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.

Read More

USN-5462-1: Ruby vulnerabilities

Read Time:16 Second

It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (2022-28738)

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2022-28739)

Read More

USN-5461-1: FreeRDP vulnerabilities

Read Time:21 Second

It was discovered that FreeRDP incorrectly handled empty password values. A
remote attacker could use this issue to bypass server authentication. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10.
(CVE-2022-24882)

It was discovered that FreeRDP incorrectly handled server configurations
with an invalid SAM file path. A remote attacker could use this issue to
bypass server authentication. (CVE-2022-24883)

Read More

USN-5460-1: Vim vulnerabilities

Read Time:2 Minute, 5 Second

It was discovered that Vim was incorrectly processing Vim buffers.
An attacker could possibly use this issue to perform illegal memory
access and expose sensitive information. (CVE-2022-0554)

It was discovered that Vim was not properly performing bounds checks
for column numbers when replacing tabs with spaces or spaces with
tabs, which could cause a heap buffer overflow. An attacker could
possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2022-0572)

It was discovered that Vim was not properly performing validation of
data that contained special multi-byte characters, which could cause
an out-of-bounds read. An attacker could possibly use this issue to
cause a denial of service. (CVE-2022-0685)

It was discovered that Vim was incorrectly processing data used to
define indentation in a file, which could cause a heap buffer
overflow. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-0714)

It was discovered that Vim was incorrectly processing certain regular
expression patterns and strings, which could cause an out-of-bounds
read. An attacker could possibly use this issue to cause a denial of
service. (CVE-2022-0729)

It was discovered that Vim was not properly performing bounds checks
when executing spell suggestion commands, which could cause a heap
buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2022-0943)

It was discovered that Vim was incorrectly performing bounds checks
when processing invalid commands with composing characters in Ex
mode, which could cause a buffer overflow. An attacker could possibly
use this issue to cause a denial of service or execute arbitrary
code. (CVE-2022-1616)

It was discovered that Vim was not properly processing latin1 data
when issuing Ex commands, which could cause a heap buffer overflow.
An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2022-1619)

It was discovered that Vim was not properly performing memory
management when dealing with invalid regular expression patterns in
buffers, which could cause a NULL pointer dereference. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2022-1620)

It was discovered that Vim was not properly processing invalid bytes
when performing spell check operations, which could cause a heap
buffer overflow. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2022-1621)

Read More

containerd-1.6.6-1.fc35 golang-github-containerd-cni-1.1.6-1.fc35 golang-github-containernetworking-cni-1.1.1-1.fc35 golang-x-sys-0-23.20220604gitbc2c85a.fc35

Read Time:25 Second

FEDORA-2022-725ac93b48

Packages in this update:

containerd-1.6.6-1.fc35
golang-github-containerd-cni-1.1.6-1.fc35
golang-github-containernetworking-cni-1.1.1-1.fc35
golang-x-sys-0-23.20220604gitbc2c85a.fc35

Update description:

golang-x-sys: Bump to commit bc2c85ada10aa9b6aa9607e9ac9ad0761b95cf1d

golang-github-containernetworking-cni: Update to 1.1.1.

golang-github-containerd-cni: Update to 1.1.6. Fixes rhbz#2092632.

containerd: Update to 1.6.6. Mitigates GHSA-5ffw-gxpp-mxpf / CVE-2022-31030.

Read More

containerd-1.6.6-1.fc36 golang-github-containerd-cni-1.1.6-1.fc36 golang-github-containernetworking-cni-1.1.1-1.fc36 golang-x-sys-0-23.20220604gitbc2c85a.fc36

Read Time:25 Second

FEDORA-2022-1da581ac6d

Packages in this update:

containerd-1.6.6-1.fc36
golang-github-containerd-cni-1.1.6-1.fc36
golang-github-containernetworking-cni-1.1.1-1.fc36
golang-x-sys-0-23.20220604gitbc2c85a.fc36

Update description:

golang-x-sys: Bump to commit bc2c85ada10aa9b6aa9607e9ac9ad0761b95cf1d

golang-github-containernetworking-cni: Update to 1.1.1.

golang-github-containerd-cni: Update to 1.1.6. Fixes rhbz#2092632.

containerd: Update to 1.6.6. Mitigates GHSA-5ffw-gxpp-mxpf / CVE-2022-31030.

Read More

New Confluence Vulnerability (CVE-2022-26134) Exploited in the Wild

Read Time:1 Minute, 57 Second

FortiGuard Labs is aware of a new vulnerability in Confluence Server and Data Center (CVE-2022-26134) which was reportedly exploited as a zero-day in the wild. Rated critical, successful exploitation of the vulnerability allows an unauthenticated remote attacker to execute arbitrary code on the compromised server. The vulnerability affects all supported versions of unpatched Confluence Server and Data Center.Why is this Significant?This is significant because Confluence Server and Data Center (CVE-2022-26134) was reportedly exploited as a 0-day in the wild. The vulnerability is an OGNL injection vulnerability that allows an unauthenticated remote attacker to execute arbitrary code on the compromised server.Confluence is a widely-used team workspace and collaboration tool developed by Atlassian. It is used to help teams collaborate and share knowledge via a content management system and is used by many large scale enterprise and organizations worldwide. This vulnerability does not have a CVSS score at the moment, but the ease of exploitation via an unauthenticated session and combined with remote code execution is a cause for concern.What versions of Confluence Server and Data Center are Affected by CVE-2022-26134?The advisory released by Atlassian states that the following versions are affected:All supported versions of Confluence Server and Data CenterConfluence Server and Data Center versions after 1.3.0What Malware was Deployed to the Compromised Server?It was reported that China Chopper has been deployed on to compromised servers. China Chopper is a tiny webshell that provides a remote attacker backdoor access to a compromised system.Has the Vendor Released an Advisory for CVE-2022-26134?Yes. See the Appendix for a link to “Confluence Security Advisory 2022-06-02”.Has the Vendor Released a Patch?Yes, Atlassian has released a patch on June 3rd, 2022.What is the Status of Coverage?FortiGuard Labs provides the following AV coverage against the China Chopper webshell that was reportedly deployed on known compromised Confluence servers:Java/Websh.D!trAll known network IOC’s associated with attacks leveraging CVE-2022-26134 are blocked by the FortiGuard WebFiltering Client.FortiGuard Labs is currently investigating for additional coverage against CVE-2022-26134. This Threat Signal will be updated when additional information becomes available.Any Suggested Mitigation?The advisory includes mitigation information. See the Appendix for a link to “Confluence Security Advisory 2022-06-02”.

Read More