A vulnerability, which was classified as critical, has been found in risheesh debutsav. This issue affects some unknown processing. The manipulation leads to SQL injection. The name of the patch is 7a8430df79277c613449262201cc792db894fc76. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218459.
Daily Archives: January 17, 2023
Remote.it takes steps toward zero trust with ‘single line of code’ provisioning
Network management company Remote.it today announced new features for its core SaaS-based service, including support for the Okta user identification platform and Docker containers, and what it’s describing as “programmatic deployment” of zero trust networks.
Essentially, the company said, the idea is to provide automated provisioning and deployment of network access to managed assets — using a small, 80KB daemon designed to run on almost any hardware to hook into the TCP/IP stack and create a connection with Remote.it’s systems. The company’s own cloud then automatically configures the connection, without any requirement of input from IT staff.
libXpm-3.5.15-2.fc36
FEDORA-2023-49dbeb6b03
Packages in this update:
libXpm-3.5.15-2.fc36
Update description:
libXpm 3.5.15, fixes CVE-2022-46285, CVE-2022-44617, CVE-2022-4883
libXpm-3.5.15-2.fc37
FEDORA-2023-1bd07375a7
Packages in this update:
libXpm-3.5.15-2.fc37
Update description:
libXpm 3.5.15, fixes CVE-2022-46285, CVE-2022-44617, CVE-2022-4883
How attackers might use GitHub Codespaces to hide malware delivery
Attackers could start abusing GitHub Codespaces, a new service that allows developers to create and test applications inside development containers running on GitHub’s servers. Developers can make their applications accessible via public GitHub URLs for preview by others, a functionality that can be abused to distribute malware payloads in a stealthy way.
“If the application port is shared privately, browser cookies are used and required for authentication,” researchers from security firm Trend Micro said in a new report. “However, if ports are shared with the public (that is, without authentication or authentication context), attackers can abuse this feature to host malicious content such as scripts and malware samples.”
git-2.39.1-1.fc37
FEDORA-2023-9718cc6113
Packages in this update:
git-2.39.1-1.fc37
Update description:
Update to 2.39.1 (CVE-2022-41903, CVE-2022-23521)
Refer to the upstream release notes and the security advisories (CVE-2022-41903, CVE-2022-23521) for details.
git-2.39.1-1.fc36
FEDORA-2023-746c4aacce
Packages in this update:
git-2.39.1-1.fc36
Update description:
Update to 2.39.1 (CVE-2022-41903, CVE-2022-23521)
Refer to the upstream release notes and the security advisories (CVE-2022-41903, CVE-2022-23521) for details.
CVE-2006-20001
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.
Oracle Critical Patch Update Advisory – January 2023
USN-5810-1: Git vulnerabilities
Markus Vervier and Eric Sesterhenn discovered that Git incorrectly handled certain
gitattributes. An attacker could possibly use this issue to cause a crash
or execute arbitrary code. (CVE-2022-23521)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2022-41903)