14866 matches found

The Hacker News
added 2022/12/22 9:39 a.m. | 73 views

Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center (MSTIC) is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or...

CVSS 10 | AI score 10 | EPSS 0.99964
Exploits: 115

Tenable Nessus
added 2022/12/22 12:0 a.m. | 44 views

Fedora 35 : git (2022-53aadd995f)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-53aadd995f advisory. Upstream update including security & bug fixes as well as feature enhancements. From the upstream release notes: CVE-2022-39253 -------------- When...

CVSS 8.8 | AI score 8.3 | EPSS 0.02938
Exploits: 1 | References: 3

Huntr
added 2022/12/20 3:46 p.m. | 14 views

Lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection

Description Lack of sanitisation of characters in SSH key name could allow attacker to inject a hyperlink injection that could allow attacker to redirect victim to malicious websites Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/sshkeys 2 Add SSH key 3 Enter the name evil.com ...

CVSS 5.8 | AI score 1.6 | EPSS 0.00485
Exploits: 1

Huntr
added 2022/12/20 3:27 p.m. | 16 views

No notification triggered on sensitive actions like adding SSH key

Description Adding SSH key is a sensitive action. As the application triggers a notification on all sensitive actions like email change/password reset, SSH key is also an important security feature to be notified about Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/sshkeys 2 ...

CVSS 7.5 | AI score 0.5 | EPSS 0.00967
Exploits: 1

Tenable Nessus
added 2022/12/20 12:0 a.m. | 26 views

Debian DSA-5304-1 : xorg-server - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5304 advisory. - A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in...

CVSS 8.8 | AI score 8.2 | EPSS 0.02685
Exploits: 0 | References: 16

OSV
added 2022/12/19 8:18 p.m. | 4 views

CLSA-2022-1671481111 openssh: Fix of 2 CVEs

CVE-2019-6109: verify character encoding in progress display to avoid spoofing of scp client output - CVE-2016-10012: updated to fix server-side protocol errors observed during rekeying with compression enabled...

CVSS 7.8 | AI score 6.9 | EPSS 0.03807
Exploits: 1 | References: 1

Tenable Nessus
added 2022/12/16 12:0 a.m. | 24 views

Cisco Firepower Management Center Software SSH DoS (cisco-sa-fmc-dos-OwEunWJN)

The version of Cisco Firepower Threat Defense installed on the remote host is affected by a vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) Software that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affecte...

CVSS 7.5 | AI score 7.3 | EPSS 0.00866
Exploits: 0 | References: 3

Tenable Nessus
added 2022/12/16 12:0 a.m. | 28 views

Cisco Firepower Threat Defense Software SSH DoS (cisco-sa-fmc-dos-OwEunWJN)

The version of Cisco Firepower Threat Defense installed on the remote host is affected by a vulnerability in the processing of SSH connections of Cisco Firepower Threat Defense (FTD) Software that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected...

CVSS 7.5 | AI score 7.3 | EPSS 0.00866
Exploits: 0 | References: 3

Microsoft Secure
added 2022/12/15 6:0 p.m. | 39 views

MCCrash: Cross-platform DDoS botnet targets private Minecraft servers

Malware operations continue to rapidly evolve as threat actors add new capabilities to existing botnets, increasingly targeting and recruiting new types of devices. Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure...

AI score 0.9
Exploits: 0

Tenable Nessus
added 2022/12/15 12:0 a.m. | 24 views

SUSE SLES12 Security Update : xorg-x11-server (SUSE-SU-2022:4483-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4483-1 advisory. - CVE-2022-46340: Server XTestSwapFakeInput stack overflow bsc1205874 - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds...

CVSS 8.8 | AI score 7 | EPSS 0.02685
Exploits: 0 | References: 20

Tenable Nessus
added 2022/12/15 12:0 a.m. | 33 views

SUSE SLES15 Security Update : xorg-x11-server (SUSE-SU-2022:4481-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4481-1 advisory. - CVE-2022-46340: Server XTestSwapFakeInput stack overflow bsc1205874 - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds...

CVSS 8.8 | AI score 7 | EPSS 0.02685
Exploits: 0 | References: 20

Tenable Nessus
added 2022/12/15 12:0 a.m. | 18 views

SUSE SLES15 Security Update : xorg-x11-server (SUSE-SU-2022:4482-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4482-1 advisory. - CVE-2022-46340: Server XTestSwapFakeInput stack overflow bsc1205874 - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds...

CVSS 8.8 | AI score 7 | EPSS 0.02685
Exploits: 0 | References: 20

OSV
added 2022/12/14 9:15 p.m. | 20 views

CVE-2022-4283

A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privileges elevation on systems where the X serve...

CVSS 7.8 | AI score 8.3 | EPSS 0.00958
Exploits: 0 | References: 7

OSV
added 2022/12/14 9:15 p.m. | 4 views

AZL-44793 CVE-2022-4283 affecting package xorg-x11-server 1.20.10-6

A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privileges elevation on systems where the X serve...

CVSS 7.8 | AI score 7.8 | EPSS 0.00958
Exploits: 0 | References: 1

NVD
added 2022/12/14 9:15 p.m. | 17 views

CVE-2022-46344

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X...

CVSS 8.8 | EPSS 0.02685
Exploits: 0 | References: 8

NVD
added 2022/12/14 9:15 p.m. | 21 views

CVE-2022-46341

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged an...

CVSS 8.8 | EPSS 0.02516
Exploits: 0 | References: 7

OSV
added 2022/12/14 9:15 p.m. | 15 views

CVE-2022-46341

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged an...

CVSS 8.8 | AI score 8.7 | EPSS 0.02516
Exploits: 0 | References: 7

OSV
added 2022/12/14 9:15 p.m. | 21 views

CVE-2022-46343

A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution f...

CVSS 8.8 | AI score 8.8 | EPSS 0.02367
Exploits: 0 | References: 7

NVD
added 2022/12/14 9:15 p.m. | 14 views

CVE-2022-46340

A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local...

CVSS 8.8 | EPSS 0.02484
Exploits: 0 | References: 8

Prion
added 2022/12/14 9:15 p.m. | 22 views

Out-of-bounds

A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privileges elevation on systems where the X serve...

CVSS 4.3 | AI score 8.2 | EPSS 0.00958
Exploits: 0 | References: 7 | Affected Software: 4