Category Archives: Advisories

Trojan-Ransom.Thanos / Code Execution

Read Time:20 Second

Posted by malvuln on May 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/be60e389a0108b2871dff12dfbb542ac.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.Thanos
Vulnerability: Code Execution
Description: Thanos looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,
control and terminate the malware…

Read More

[CVE-2022-0779] User Meta “um_show_uploaded_file” Path Traversal / Local File Enumeration

Read Time:24 Second

Posted by Julien Ahrens (RCE Security) on May 27

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: User Meta
Vendor URL: https://wordpress.org/plugins/user-meta
Type: Relative Path Traversal [CWE-23]
Date found: 2022-02-28
Date published: 2022-05-24
CVSSv3 Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVE: CVE-2022-0779

2. CREDITS
==========
This vulnerability was discovered and…

Read More

DSA-5150 rsyslog – security update

Read Time:13 Second

Peter Agten discovered that several modules for TCP syslog reception in
rsyslog, a system and kernel logging daemon, have buffer overflow flaws
when octet-counted framing is used, which could result in denial of
service or potentially the execution of arbitrary code.

Read More

logrotate-3.18.1-4.fc35

Read Time:12 Second

FEDORA-2022-ff0188b37c

Packages in this update:

logrotate-3.18.1-4.fc35

Update description:

lockState: do not print error: when exit code is unaffected (#2090926)

fix potential DoS from unprivileged users via the state file (CVE-2022-1348)

Read More

logrotate-3.18.0-5.fc34

Read Time:12 Second

FEDORA-2022-14f7b1a698

Packages in this update:

logrotate-3.18.0-5.fc34

Update description:

lockState: do not print error: when exit code is unaffected (#2090926)

fix potential DoS from unprivileged users via the state file (CVE-2022-1348)

Read More