SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2023:0868-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0868-1 advisory. - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting...

DEBIAN-CVE-2023-0464

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

Medium: git

Issue Overview: Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git...

CVE-2023-1304

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

CVE-2023-1304

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

CVE-2023-1304

CVE-2023-1304 affects InsightCloudSec. An authenticated attacker can use an exposed getattr() via a Jinja template to smuggle OS commands and invoke actions normally restricted to private methods. Affected are InsightCloudSec versions prior to the fixes; the issue was resolved in Managed and SaaS...

Invoke-PSObfuscation - An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You'Re On Windows Or Kali Linux

Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but they have become trivial to extract the intended payload and some launchers get detected often, which essentially...

LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions

U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise IoCs and tactics, techniques, and procedures TTPs associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service RaaS...

[SECURITY] Fedora 37 Update: libmemcached-awesome-1.1.4-1.fc37

libmemcached-awesome is a C/C++ client library and tools for the memcached server https://memcached.org/. It has been designed to be light on memory usage, and provide full access to server side methods. This is a resurrection of the original work from Brian Aker at libmemcached.o rg...

[SECURITY] Fedora 36 Update: libmemcached-awesome-1.1.4-1.fc36

libmemcached-awesome is a C/C++ client library and tools for the memcached server https://memcached.org/. It has been designed to be light on memory usage, and provide full access to server side methods. This is a resurrection of the original work from Brian Aker at libmemcached.o rg...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2023:0724-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0724-1 advisory. - An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in...

Investment fraud overtakes business email compromise as most reported fraud

The Federal Bureau of Investigation FBI has published its 2022 Internet Crime Report. One of the most notable points is that investment fraud has now overtaken business email compromise BEC as the most reported and most damaging type of fraud. The numbers are based on the complaints reported to t...

Google Golang 安全漏洞

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

Information Disclosure

jenkins-2-plugins is vulnerable to Information Disclosure. The vulnerability exists due to the non-constant time comparison function in the library when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook...

FreeBSD : strongSwan -- certificate verification vulnerability (3f9b6943-ba58-11ed-bbbd-00e0670f2660)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3f9b6943-ba58-11ed-bbbd-00e0670f2660 advisory. - strongSwan reports: A vulnerability related to certificate verification in TLS-based EAP methods was...

PT-2023-2354 · Unknown +2 · Strongswan +2

Name of the Vulnerable Software and Affected Versions: strongSwan versions 5.9.8 through 5.9.9 Description: The issue is related to incorrect access control and an expired pointer dereference due to the use of a variable named public for two different purposes within the same function. This can...

strongSwan -- certificate verification vulnerability

strongSwan reports: A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service but possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected...

The vulnerability of Microsoft Exchange Server servers, related to the use of dangerous methods or functions, allows attackers to execute arbitrary code.

The vulnerability of Microsoft Exchange Server servers is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

GoDaddy says it's a victim of multi-year cyberattack campaign

Hosting and domain name company GoDaddy says it believes a "sophisticated threat actor group" has been subjecting the company to a multi-year attack campaign, the most recent of which occurred in December 2022. In December, it received complaints about customer websites being periodically...

Namaste! LMS < 2.6 - Admin+ Stored XSS

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. One XSS issue was fixed in version 2.5.9.9. The...