Read Time:7 Second
FEDORA-EPEL-2022-00bbb857bb
Packages in this update:
phoronix-test-suite-10.8.2-1.el9
Update description:
Security fix for CVE-2022-0571
Category Archives: Advisories
Another Wiper Malware Targeted Enterprises in Ukraine #DoubleZero
Read Time:1 Minute, 0 Second
FortiGuard Labs is aware that enterprises in Ukraine were targeted by another wiper malware. Dubbed “DoubleZero,” the malware was distributed in a zip archive and destroys the compromised machine by overwriting files and deleting registry keys.Why is this Significant?This is significant because DoubleZero is the latest wiper malware used in the current Russia-Ukraine war and aims to destroy machines belonging to enterprises in Ukraine.FortiGuard Labs previous published multiple Threat Signals on other wiper malware that targeted Ukraine. See the Appendix for links to “Additional Wiper Malware Deployed in Ukraine #CaddyWiper,” “New Wiper Malware Discovered Targeting Ukrainian Interests” and “Wiper Malware Hit Ukrainian Organizations.”How Widespread is the Malware?At this time, there is no report that DoubleZero affected organizations outside of Ukraine.How does DoubleZero Work?DoubleZero was distributed in several ZIP archives, one of which is called “Virus … extremely dangerous !!!. Zip.” Once DoubleZero runs, it overwrites or uses API calls to zero out non-system files system files before moving on to overwrite critical system files and registry keys.What is the Status of Coverage?FortiGuard Labs provides the following AV coverage against the files involved in the attack:MSIL/DZeroWiper.CK!tr
CVE-2021-20290
Read Time:20 Second
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.
CVE-2021-20323
Read Time:4 Second
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.
CVE-2021-22100
Read Time:16 Second
In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that (accidentally or maliciously) causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or manage apps.
CVE-2020-21554
Read Time:10 Second
A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllersadmin.php, which could let a malicious user delete any file such as install.lock to reinstall cms.
skopeo-1.7.0-1.fc34
Read Time:8 Second
FEDORA-2022-6043a7b938
Packages in this update:
skopeo-1.7.0-1.fc34
Update description:
Security fix for CVE-2022-21698, skopeo likely not directly impacted
skopeo-1.7.0-1.fc36
Read Time:10 Second
FEDORA-2022-5f253807ce
Packages in this update:
skopeo-1.7.0-1.fc36
Update description:
Security fix for CVE-2022-21698, skopeo likely not directly impacted
tests subpackage depends on /usr/sbin/unsquashfs
skopeo-1.7.0-1.fc35
Read Time:10 Second
FEDORA-2022-eda0e65b01
Packages in this update:
skopeo-1.7.0-1.fc35
Update description:
Security fix for CVE-2022-21698, skopeo likely not directly impacted.
tests subpackage depends on /usr/sbin/unsquashfs
openssl1.1-1.1.1n-1.fc36
Read Time:7 Second
FEDORA-2022-8bb51f6901
Packages in this update:
openssl1.1-1.1.1n-1.fc36
Update description:
Security fix for CVE-2022-0778