Category Archives: Advisories

USN-5395-2: networkd-dispatcher regression

Read Time:20 Second

USN-5395-1 fixed vulnerabilities in networkd-dispatcher. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that networkd-dispatcher incorrectly handled internal
scripts. A local attacker could possibly use this issue to cause a race
condition, escalate privileges and execute arbitrary code.
(CVE-2022-29799, CVE-2022-29800)

Read More

Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver JAVA

Read Time:22 Second

Posted by Onapsis Research via Fulldisclosure on May 04

# Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver
JAVA

## Impact on Business

This vulnerability can be used by an attacker to make a Denial of Service
to SAP Netweaver Java, making HTTP server unavailable during attack
execution.

## Advisory Information

– Public Release Date: 04/05/2021
– Security Advisory ID: ONAPSIS-2022-0002
– Researcher(s): Gaston Traberg

## Vulnerability Information

– Vendor: SAP
– Affected…

Read More

Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web Dispatcher

Read Time:25 Second

Posted by Onapsis Research via Fulldisclosure on May 04

# Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web
Dispatcher

## Impact on Business

By injecting an HTTP request as a prefix into a victim’s request, a
malicious user
is able to cause damage in different ways, such as producing a Denial of
Service by
setting an invalid request as a prefix.

It is also possible to inject a valid prefixed request that will include the
victim’s information from its original request….

Read More

CVE-2021-20051

Read Time:14 Second

SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.

Read More

USN-5402-1: OpenSSL vulnerabilities

Read Time:48 Second

Elison Niven discovered that OpenSSL incorrectly handled the c_rehash
script. A local attacker could possibly use this issue to execute arbitrary
commands when c_rehash is run. (CVE-2022-1292)

Raul Metsma discovered that OpenSSL incorrectly verified certain response
signing certificates. A remote attacker could possibly use this issue to
spoof certain response signing certificates. This issue only affected
Ubuntu 22.04 LTS. (CVE-2022-1343)

Tom Colley discovered that OpenSSL used the incorrect MAC key in the
RC4-MD5 ciphersuite. In non-default configurations were RC4-MD5 is enabled,
a remote attacker could possibly use this issue to modify encrypted
communications. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1434)

Aliaksei Levin discovered that OpenSSL incorrectly handled resources when
decoding certificates and keys. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473)

Read More