What’s New for Developers: September 2022

Learn about Akamai’s voxel art contest, the updates to EdgeWorkers and EdgeKV demo sites, and how the beta Test Center CLI allows you to test the behavior of configuration changes on your own in this month’s blog...

Fedora: Security Advisory for python3.9 (FEDORA-2022-f511f8f58b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: python3.9-3.9.14-1.fc35

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

Fedora: Security Advisory for python3.9 (FEDORA-2022-6d57598a23)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for python3.8 (FEDORA-2022-66b65beccb)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: python3.8-3.8.14-1.fc35

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

[SECURITY] Fedora 35 Update: python3.7-3.7.14-1.fc35

Python 3.7 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, see other distributions that support it, such as an older Fedora release...

[SECURITY] Fedora 37 Update: python3.8-3.8.14-1.fc37

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

[SECURITY] Fedora 37 Update: python3.7-3.7.14-1.fc37

Python 3.7 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, see other distributions that support it, such as an older Fedora release...

EUVD-2022-6848

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass...

EUVD-2022-6664

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI...

CVE-2022-40635

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass...

[SECURITY] Fedora 36 Update: python3.9-3.9.14-1.fc36

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

[SECURITY] Fedora 36 Update: python3.8-3.8.14-1.fc36

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

[SECURITY] Fedora 36 Update: python3.7-3.7.14-1.fc36

Python 3.7 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, see other distributions that support it, such as an older Fedora release...

Crafter CMS 安全漏洞

Crafter CMS is an open source content management system CMS for digital experience applications. A security vulnerability exists in Crafter CMS Crafter Studio versions prior to 3.1.23, which stems from improperly controlled dynamic management code resources that allow authenticated developers to...

PT-2022-25431 · Crafter Cms · Crafter Studio

Name of the Vulnerable Software and Affected Versions: Crafter Studio of Crafter CMS affected versions not specified Description: The issue allows authenticated developers to execute OS commands via FreeMarker SSTI due to improper control of dynamically-managed code resources. Recommendations: At...

Novel remote access trojan CodeRAT uncovered

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CodeRAT is a remote access trojan RAT. The malicious operation, which appears to have originated in Iran, employed a Word document with a Microsoft Dynamic Data Exchange DDE exploit to target...

New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security

A new phishing-as-a-service PhaaS toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication 2FA protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to...

CISA, NSA, and ODNI Release Part One of Guidance on Securing the Software Supply Chain

CISA, the National Security Agency NSA, and the Office of the Director of National Intelligence ODNI, have published part one of a three-part joint publication series, Securing Software Supply Chain Series - Recommended Practices for Developers. This guidance—created by the Enduring Security...