Category Archives: Advisories

USN-5395-2: networkd-dispatcher regression

Read Time:20 Second

USN-5395-1 fixed vulnerabilities in networkd-dispatcher. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that networkd-dispatcher incorrectly handled internal
scripts. A local attacker could possibly use this issue to cause a race
condition, escalate privileges and execute arbitrary code.
(CVE-2022-29799, CVE-2022-29800)

Read More

Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver JAVA

Read Time:22 Second

Posted by Onapsis Research via Fulldisclosure on May 04

# Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver
JAVA

## Impact on Business

This vulnerability can be used by an attacker to make a Denial of Service
to SAP Netweaver Java, making HTTP server unavailable during attack
execution.

## Advisory Information

– Public Release Date: 04/05/2021
– Security Advisory ID: ONAPSIS-2022-0002
– Researcher(s): Gaston Traberg

## Vulnerability Information

– Vendor: SAP
– Affected…

Read More

Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web Dispatcher

Read Time:25 Second

Posted by Onapsis Research via Fulldisclosure on May 04

# Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web
Dispatcher

## Impact on Business

By injecting an HTTP request as a prefix into a victim’s request, a
malicious user
is able to cause damage in different ways, such as producing a Denial of
Service by
setting an invalid request as a prefix.

It is also possible to inject a valid prefixed request that will include the
victim’s information from its original request….

Read More

CVE-2021-20051

Read Time:14 Second

SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.

Read More