Category Archives: Advisories

USN-5321-3: Firefox regressions

March 24, 2022

Read Time:36 Second

USN-5321-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the browser
UI, bypass security restrictions, obtain sensitive information, or execute
arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382,
CVE-2022-26383, CVE-2022-26384, CVE-2022-26385)

A TOCTOU bug was discovered when verifying addon signatures during
install. A local attacker could potentially exploit this to trick a
user into installing an addon with an invalid signature.
(CVE-2022-26387)

Advisories

USN-5347-1: OpenVPN vulnerability

March 24, 2022

Read Time:8 Second

It was discovered that OpenVPN incorrectly handled certain configurations
with multiple authentication plugins. A remote attacker could possibly use
this issue to bypass authentication using incomplete credentials.

Advisories

USN-5346-1: Linux kernel (OEM) vulnerability

March 24, 2022

Read Time:10 Second

It was discovered that the ICMPv6 implementation in the Linux kernel did
not properly deallocate memory in certain situations. A remote attacker
could possibly use this to cause a denial of service (memory exhaustion).

Advisories

ZDI-22-538: (0Day) Epic Games Launcher Link Following Denial-of-Service Vulnerability

March 24, 2022

Read Time:12 Second

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Advisories

ZDI-22-537: (0Day) Epic Games Launcher Link Following Denial-of-Service Vulnerability

March 24, 2022

Read Time:12 Second

Advisories

ZDI-22-536: (0Day) Electronic Arts Origin Web Helper Service Link Following Privilege Escalation Vulnerability

March 24, 2022

Read Time:11 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Electronic Arts Origin. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Advisories

DSA-5107 php-twig – security update

March 24, 2022

Read Time:8 Second

Marlon Starkloff discovered that twig, a template engine for PHP, did
not correctly enforce sandboxing. This would allow a malicious user to
execute arbitrary code.

Advisories

DSA-5108 tiff – security update

March 24, 2022

Read Time:8 Second

Multiple vulnerabilities have been discovered in the libtiff library
and the included tools, which may result in denial of service if
malformed image files are processed.

Advisories

USN-5345-1: Thunderbird vulnerabilities

March 23, 2022

Read Time:1 Minute, 20 Second

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
bypass security restrictions, obtain sensitive information, cause
undefined behaviour, spoof the browser UI, or execute arbitrary code.
(CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763,
CVE-2022-22764, CVE-2022-26381, CVE-2022-26383, CVE-2022-26384)

It was discovered that extensions of a particular type could auto-update
themselves and bypass the prompt that requests permissions. If a user
were tricked into installing a specially crafted extension, an attacker
could potentially exploit this to bypass security restrictions.
(CVE-2022-22754)

It was discovered that dragging and dropping an image into a folder could
result in it being marked as executable. If a user were tricked into
dragging and dropping a specially crafted image, an attacker could
potentially exploit this to execute arbitrary code. (CVE-2022-22756)

It was discovered that files downloaded to /tmp were accessible to other
users. A local attacker could exploit this to obtain sensitive
information. (CVE-2022-26386)

An out-of-bounds write by one byte was discovered when processing
messages in some circumstances. If a user were tricked into opening a
specially crafted message, an attacker could potentially exploit this
to cause a denial of service. (CVE-2022-0566)

Advisories

CVE-2020-20093

March 23, 2022

Read Time:12 Second

The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.

Cyber Security News

Category Archives: Advisories

USN-5321-3: Firefox regressions

USN-5347-1: OpenVPN vulnerability

USN-5346-1: Linux kernel (OEM) vulnerability

ZDI-22-538: (0Day) Epic Games Launcher Link Following Denial-of-Service Vulnerability

ZDI-22-537: (0Day) Epic Games Launcher Link Following Denial-of-Service Vulnerability

ZDI-22-536: (0Day) Electronic Arts Origin Web Helper Service Link Following Privilege Escalation Vulnerability

DSA-5107 php-twig – security update

DSA-5108 tiff – security update

USN-5345-1: Thunderbird vulnerabilities

CVE-2020-20093

News, Advisories and much more