FEDORA-2022-af492757d9

Packages in this update:

kernel-5.17.2-300.fc36

Update description:

The 5.17.2 stable kernel update contains a number of important fixes across the tree.

Read More

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283.

Read More

FEDORA-EPEL-2022-4a24f39c87

Packages in this update:

blender-2.68a-9.el7

Update description:

Security fix for CVE-2017-12102, CVE-2017-12103, CVE-2017-12104, CVE-2017-12081, CVE-2017-12082, CVE-2017-12086, CVE-2017-12099, CVE-2017-12100, CVE-2017-12101, CVE-2017-12105, CVE-2017-2908, CVE-2017-2899, CVE-2017-2900, fix CVE-2017-2901, CVE-2017-2902, CVE-2017-2903, CVE-2017-2904, CVE-2017-2905, CVE-2017-2906, CVE-2017-2907, CVE-2017-2918.

Includes manual backports of the following upstream commits:

a6700362 “Memory: add MEM_malloc_arrayN() function to protect against overflow.”
d30cc1ea “Fix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI loading.”
07aed40 “Fix buffer overflow vulernability in thumbnail file reading.”
e6df028 “Fix buffer overflow vulnerabilities in mesh code.”
e6df028 “Fix buffer overflow vulnerability in curve, font, particles code.”

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/2906b5dc5132dd1319827415e837168f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.XLog.21
Vulnerability: Authentication Bypass Race Condition
Description: The malware listens on TCP port 5553. Third-party attackers
who can reach the system before a password has been set can logon using
default credentials of…

Read More

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/89000e259ffbd107b7cc9bac66dcdcf5.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Xingdoor
Vulnerability: Denial of Service
Description: The malware “System_XingCheng” listens on TCP port 7016.
Attackers who can send a specially crafted packet, can trigger an int 3
“xcc” breakpoint debug…

Read More

Posted by malvuln on Apr 07

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/837ec70bfb305b5c862ff9b04e70a318_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wisell
Vulnerability: Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 5277. Attackers who can reach
the infected system can send a specially crafted packet triggering a stack
buffer overflow overwriting…

Read More