python3 security update
3.6.8-47.0.1 - Add Oracle Linux distribution in platform.py (Orabug: 20812544); 3.6.8-47 - Security fix for CVE-2015-20107 (Resolves: rhbz2075390); 3.6.8-46 - Security fix for CVE-2022-0391: urlparse does not sanitize URLs containing ASCII newline and tabs - Fix the test suite support for Expat = 2.4.5...
CVE-2022-36093
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...
CVE-2022-36093 XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2...
[SECURITY] [DSA 5224-1] poppler security update
Debian Security Advisory DSA-5224-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 06, 2022 https://www.debian.org/security/faq -...
org.apache.iotdb:iotdb-distribution (=0.13.0) potentially affected by CVE-2022-38370 via org.apache.iotdb:iotdb-grafana-connector (=0.13.0)
org.apache.iotdb:iotdb-grafana-connector MAVEN version =0.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.iotdb:iotdb-grafana-connector and may be impacted: - org.apache.iotdb:iotdb-distribution =0.13.0 Source cves: CVE-2022-38370 Sourc...
Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan
The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. "This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware,"...
CVE-2022-32744
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover...
CVE-2022-2031
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this flaw to obtain and use tickets to other...
AZL-10735 CVE-2022-2031 affecting package samba 4.12.5-7
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this flaw to obtain and use tickets to other...
ALPINE-CVE-2022-2031
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this flaw to obtain and use tickets to other...
CVE-2022-32427
PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. This issue has been resolved in PrinterLogic Windows Client...
CVE-2022-32427
The CVE-2022-32427 issue affects PrinterLogic Windows Client (versions up to 25.0.0.676). It enables directory traversal by authenticated users with prior knowledge of the driver filename, potentially allowing privilege escalation or distribution of malicious content. The root cause is a path tra...
PEAR Archive_Tar Improper Link Resolution Vulnerability
PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party...
Hackers Using Fake DDoS Protection Pages to Distribute Malware
WordPress sites are being hacked to display fraudulent Cloudflare DDoS protection pages that lead to the delivery of malware such as NetSupport RAT and Raccoon Stealer. "A recent surge in JavaScript injections targeting WordPress sites has resulted in fake DDoS prevent prompts which lead victims ...
Attackers using fake Cloudflare DDoS protection popups to distribute malware
By Waqas. The malware dropped in this attack is the NetSupport RAT, which was previously identified in malicious MS Word documents. This is a post from HackRead.com.
Google Fended Off Largest Ever Layer 7 DDoS Attack
By Waqas. According to Google, the geographic distribution of the DDoS attack suggests that it might have been launched through… This is a post from HackRead.com.
CVE-2022-28696
Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access...
Design/Logic Flaw
Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access...