Category Archives: Advisories

Oracle WebLogic Server Vulnerabilities (CVE-2023-21839, CVE-2017-3506)

What is the attack?

A threat actor known as "8220 Gang" has been seen exploiting two vulnerabilities in Oracle WebLogic Server: CVE-2017-3506, which allows remote OS command execution, and CVE-2023-21839, an insecure deserialization vulnerability. On 3 June 2023, CISA added CVE-2017-3506 to its Known Exploited Vulnerabilities catalog.

What is the recommended mitigation?

Apply the most recent patch released by Oracle. In its advisory, Oracle noted that it continues to receive reports of exploitation attempts.

What FortiGuard coverage is available?

FortiGuard customers remain protected by the IPS signatures available for both vulnerabilities. The FortiGuard Outbreak Alert is available to review for full coverage, and the FortiGuard Incident Response team can be engaged to help with any suspected compromise.
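Patching is the fix, but a responder will also want to know whether the server was probed before the patch landed. The following is an added example, not part of the original advisory or any Fortinet tooling: it scans WebLogic/Apache-style access-log lines for POST requests to the wls-wsat endpoints, which is the component that public CVE-2017-3506 exploitation attempts target. The log lines are constructed for illustration, and the log format regex assumes the common "client - - [time] "METHOD path HTTP/x" status bytes" layout.

```python
"""Flag access-log entries that POST to WebLogic's /wls-wsat/ endpoints.

Added example for triaging CVE-2017-3506 exploitation attempts; the sample
log lines below are constructed, not taken from a real incident.
"""
import re
from typing import Dict, Iterable, List, Optional

# Common access-log layout: client ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# The WS-AtomicTransaction servlets are served under /wls-wsat/. Public exploits
# for CVE-2017-3506 (and its follow-up CVE-2017-10271) POST crafted XML here.
SUSPICIOUS_PREFIX = "/wls-wsat/"


def parse(line: str) -> Optional[Dict[str, str]]:
    """Parse one access-log line into its fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_wls_wsat_posts(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return the parsed entries for POST requests under /wls-wsat/.

    Legitimate WS-AT coordinator traffic is uncommon on internet-facing servers,
    so hits from unexpected clients should be correlated with the patch level
    at the time of the request.
    """
    hits: List[Dict[str, str]] = []
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue
        path = entry["path"].split("?", 1)[0].lower()  # drop query string
        if entry["method"] == "POST" and path.startswith(SUSPICIOUS_PREFIX):
            hits.append(entry)
    return hits


# Constructed sample: two POSTs to wls-wsat from one client, plus benign traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Jun/2023:10:15:01 +0000] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 500 1432',
    '198.51.100.2 - - [03/Jun/2023:10:15:05 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 4102',
    '203.0.113.7 - - [03/Jun/2023:10:15:09 +0000] "POST /wls-wsat/RegistrationPortTypeRPC HTTP/1.1" 500 1432',
    '192.0.2.9 - - [03/Jun/2023:10:16:00 +0000] "GET /wls-wsat/CoordinatorPortType?wsdl HTTP/1.1" 200 2200',
]

if __name__ == "__main__":
    for hit in find_wls_wsat_posts(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} POST {hit['path']} -> {hit['status']}")
```

A GET for the WSDL is left unflagged here; it is reconnaissance at most, while the POST is the actual delivery vector. Feed the real access log in with `find_wls_wsat_posts(open(path))` and review any client that appears before the Oracle patch was applied.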

USN-6809-1: BlueZ vulnerabilities

It was discovered that BlueZ could be made to dereference invalid memory.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 22.04 LTS. (CVE-2022-3563)

It was discovered that BlueZ could be made to write out of bounds. If a
user were tricked into connecting to a malicious device, an attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2023-27349)

USN-6807-1: FRR vulnerabilities

It was discovered that FRR incorrectly handled certain network traffic.
A remote attacker could possibly use this issue to cause FRR to crash,
resulting in a denial of service. (CVE-2022-26126, CVE-2022-26127,
CVE-2022-26128, CVE-2022-26129, CVE-2022-37032, CVE-2022-37035,
CVE-2023-31490, CVE-2023-38406, CVE-2023-38407, CVE-2023-46752,
CVE-2023-46753, CVE-2023-47234, CVE-2023-47235, CVE-2024-31948)

Ben Cartwright-Cox discovered that FRR incorrectly handled certain
network traffic. A remote attacker could possibly use this issue to cause
FRR to crash, resulting in a denial of service. (CVE-2023-38802)

libvirt-9.7.0-4.fc39

FEDORA-2024-c2e7b82022

Packages in this update:

libvirt-9.7.0-4.fc39

Update description:

Fix crash in event loop (CVE-2024-4418)
Fix I/O stall when multiple threads issue RPC calls
Fix leak of GSource object
Fix leak of udev object reference

cyrus-imapd-3.8.3-1.fc41

FEDORA-2024-cfbdc342a2

Packages in this update:

cyrus-imapd-3.8.3-1.fc41

Update description:

Automatic update for cyrus-imapd-3.8.3-1.fc41.

Changelog

* Wed Jun 5 2024 Martin Osvald <mosvald@redhat.com> - 3.8.3-1
- Fix CVE-2024-34055 (rhbz#2290512)
- Convert to %autorelease and %autochangelog
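Both Fedora notices above (libvirt-9.7.0-4.fc39 for CVE-2024-4418 and cyrus-imapd-3.8.3-1.fc41 for CVE-2024-34055) give a fixed name-version-release and nothing else, so the practical check is whether the installed package is at or past it. The block below is an added example, not Fedora's or rpm's own code: it re-implements the core of rpm's label comparison (rpmvercmp) in Python for the common case, so it runs without librpm. It assumes no epoch on either package and does not handle the `~` and `^` separators; the fixed versions are the ones quoted on this page, and the installed versions are constructed for illustration.

```python
"""Compare an installed Fedora package against the fixed NVR from an advisory.

Added example. rpmvercmp() follows rpm's algorithm for version and release
strings: alternating digit/letter runs are compared, numeric runs numerically,
alpha runs lexically, a numeric run beats an alpha run, and when one string
runs out the one with segments left over is newer. Epoch and the '~'/'^'
separators are deliberately not handled (assumption: none in use here).
"""
import re
from typing import List, Tuple, Union

Segment = Union[int, str]


def _segments(s: str) -> List[Segment]:
    # rpm walks runs of digits and runs of letters and skips everything else
    # ('.', '_', '-'), so "4.fc39" becomes [4, "fc", 39].
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", s)]


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 as rpm would when comparing two version/release labels."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if isinstance(x, int) and isinstance(y, int):
            if x != y:
                return (x > y) - (x < y)
        elif isinstance(x, int):
            return 1            # numeric segment is newer than an alpha one
        elif isinstance(y, int):
            return -1
        elif x != y:
            return (x > y) - (x < y)   # both alpha: plain string order
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1   # whichever has segments left wins


def split_nvr(nvr: str) -> Tuple[str, str, str]:
    """Split 'name-version-release' on the last two hyphens (names may contain '-')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_patched(installed_nvr: str, fixed_nvr: str) -> bool:
    """True if installed_nvr is the same package at or beyond fixed_nvr."""
    n1, v1, r1 = split_nvr(installed_nvr)
    n2, v2, r2 = split_nvr(fixed_nvr)
    if n1 != n2:
        raise ValueError(f"package names differ: {n1!r} vs {n2!r}")
    c = rpmvercmp(v1, v2)
    if c == 0:
        c = rpmvercmp(r1, r2)
    return c >= 0


# Fixed versions as quoted in the two advisories on this page.
FIXED = {
    "libvirt": "libvirt-9.7.0-4.fc39",
    "cyrus-imapd": "cyrus-imapd-3.8.3-1.fc41",
}

if __name__ == "__main__":
    # Constructed installed versions; on a real host obtain them with
    #   rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' libvirt cyrus-imapd
    for installed in ["libvirt-9.7.0-3.fc39", "cyrus-imapd-3.8.3-1.fc41"]:
        name = split_nvr(installed)[0]
        print(installed, "OK" if is_patched(installed, FIXED[name]) else "NEEDS UPDATE")
```

Note that the comparison is on version and release only; if a package carries an epoch (`%{EPOCH}`), compare that first, since a higher epoch outranks any version.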

USN-6806-1: GDK-PixBuf vulnerability

Pedro Ribeiro and Vitor Pedreira discovered that the GDK-PixBuf
library did not properly handle certain ANI files. An attacker
could use this flaw to cause GDK-PixBuf to crash, resulting in
a denial of service, or to possibly execute arbitrary code.

USN-6715-2: unixODBC vulnerability

USN-6715-1 fixed a vulnerability in unixODBC. This update provides the
corresponding fix for Ubuntu 24.04 LTS.

Original advisory details:

It was discovered that unixODBC incorrectly handled certain bytes.
An attacker could use this issue to execute arbitrary code or cause
a crash.