2395 matches found
Fedora: Security Advisory for postgresql-jdbc (FEDORA-2022-cdeabe1bc0)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2022-66757)
Microsoft Exchange Server is a set of email service programs from Microsoft Corporation. Microsoft Exchange Server is vulnerable to a remote code execution vulnerability that could be exploited by an authenticated attacker to execute arbitrary code on the target system...
GO-2022-1008 Unauthorized file access in github.com/containers/buildah
SGID programs executed in a container can access files that have negative group permissions for the user's primary group. Consider a file which is owned by user u1 and group g1, permits user and other read access, and does NOT permit group read access. This file is readable by u1 and all other...
Moderate: mysql security, bug fix, and enhancement update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.30. BZ2122589 Security Fixes: mysql: Server: Optimizer multiple...
[SECURITY] Fedora 36 Update: ImageMagick-6.9.12.63-1.fc36
ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...
PT-2022-33676 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.15.61 through 5.15.65 Description: A potential security issue exists in the Linux Kernel, related to the bpf and cgroup subsystems. The issue is described as a kernel BUG in purge effective progs. The actual impact and...
How to Do Malware Analysis?
Based on the findings of Malwarebytes' Threat Review for 2022, 40 million Windows business computers' threats were detected in 2021. In order to combat and avoid these kinds of attacks, malware analysis is essential. In this article, we will break down the goal of malicious programs' investigatio...
[SECURITY] Fedora 37 Update: open-vm-tools-12.1.0-1.fc37
The open-vm-tools project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and...
Good game, well played: an overview of gaming-related cyberthreats in 2022
The gaming industry went into full gear during the pandemic, as many people took up online gaming as their new hobby to escape the socially-distanced reality. Since then, the industry has never stopped growing. According to the analytical agency Newzoo, in 2022, the global gaming market will exce...
[SECURITY] Fedora 37 Update: kernel-headers-5.19.4-300.fc37
Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...
Get to Know Anne An
Meet Anne An Senior Security Researcher By Trellix · August 25, 2022 This blog was written by Michael Alicea At Trellix, we celebrate and champion our people. I’ve been hearing a lot recently about one of my colleagues, Anne An. My sources tell me she is a highly technical and “intuitive”...
CVE-2021-3999
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...
CVE-2022-29549
An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known legitimate...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2218)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2253)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Seven Cats Free Fiction has a flawed logic vulnerability
Seven Cats Free Novels is a great full-length novel reading program. Seven Cats Free Novels suffers from a logic flaw vulnerability that can be exploited by attackers to inject malicious programs into the application...
USN-5177-1: Inetutils vulnerability
It was discovered that Inetutils did not properly check the response of ftp requests. A remote attacker could use this vulnerability to cause a crash or run programs in the user machine...
USN-5177-1 inetutils vulnerability
It was discovered that Inetutils did not properly check the response of ftp requests. A remote attacker could use this vulnerability to cause a crash or run programs in the user machine...
CVE-2022-31197
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contain...
[SECURITY] Fedora 36 Update: golang-x-debug-0-0.15.20210123gitc934e1b.fc36
This repository holds utilities and libraries for debugging Go programs...