Category Archives: Advisories

grafana-7.5.15-1.fc36

FEDORA-2022-c5383675d9

Packages in this update:

grafana-7.5.15-1.fc36

Update description:

update to 7.5.15 tagged upstream community sources, see CHANGELOG
resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
resolve CVE-2021-23648 sanitize-url: XSS
resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
declare Node.js dependencies of subpackages
make vendor and webpack tarballs reproducible

grafana-7.5.15-1.fc35

FEDORA-2022-9dd03cab55

Packages in this update:

grafana-7.5.15-1.fc35

Update description:

update to 7.5.15 tagged upstream community sources, see CHANGELOG
resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
resolve CVE-2021-23648 sanitize-url: XSS
resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
declare Node.js dependencies of subpackages
make vendor and webpack tarballs reproducible

CVE-2020-4668

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283.

blender-2.68a-9.el7

FEDORA-EPEL-2022-4a24f39c87

Packages in this update:

blender-2.68a-9.el7

Update description:

Security fix for CVE-2017-12102, CVE-2017-12103, CVE-2017-12104, CVE-2017-12081, CVE-2017-12082, CVE-2017-12086, CVE-2017-12099, CVE-2017-12100, CVE-2017-12101, CVE-2017-12105, CVE-2017-2908, CVE-2017-2899, CVE-2017-2900, fix CVE-2017-2901, CVE-2017-2902, CVE-2017-2903, CVE-2017-2904, CVE-2017-2905, CVE-2017-2906, CVE-2017-2907, CVE-2017-2918.

Includes manual backports of the following upstream commits:

a6700362 “Memory: add MEM_malloc_arrayN() function to protect against overflow.”
d30cc1ea “Fix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI loading.”
07aed40 “Fix buffer overflow vulnerability in thumbnail file reading.”
e6df028 “Fix buffer overflow vulnerabilities in mesh code.”
e6df028 “Fix buffer overflow vulnerability in curve, font, particles code.”

Backdoor.Win32.XLog.21 / Authentication Bypass Race Condition

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/2906b5dc5132dd1319827415e837168f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.XLog.21
Vulnerability: Authentication Bypass Race Condition
Description: The malware listens on TCP port 5553. Third-party attackers
who can reach the system before a password has been set can log on using
default credentials of…