git-2.39.2-1.fc37
Update to 2.39.2 (CVE-2023-22490, CVE-2023-23946)
Refer to the upstream release notes and the security advisories (CVE-2023-22490, CVE-2023-23946) for details.
git-2.39.2-1.fc36
Update to 2.39.2 (CVE-2023-22490, CVE-2023-23946)
Refer to the upstream release notes and the security advisories (CVE-2023-22490, CVE-2023-23946) for details.
Ronald Crane discovered that APR-util did not properly handled memory when
encoding or decoding certain input data. An attacker could possibly use
this issue to cause a denial of service, or possibly execute arbitrary
code.
It was discovered that Git incorrectly handled certain repositories.
An attacker could use this issue to make Git uses its local
clone optimization even when using a non-local transport.
(CVE-2023-22490)
Joern Schneeweisz discovered that Git incorrectly handled certain commands.
An attacker could possibly use this issue to overwrite a patch outside
the working tree. (CVE-2023-23946)
The infostealer Vidar has returned to the top 10 after an increase in ‘brandjacking’ attacks
Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg,
and Harvey Tuch discovered that HAProxy incorrectly handled empty header
names. A remote attacker could possibly use this issue to manipulate
headers and bypass certain authentication checks and restrictions.
The group previously targeted government agencies and think tanks in Asia and Europe
This is a current list of where and when I am scheduled to speak:
I’m speaking at Mobile World Congress 2023 in Barcelona, Spain, on March 1, 2023 at 1:00 PM CET.
I’m speaking on “How to Reclaim Power in the Digital World” at EPFL in Lausanne, Switzerland, on Thursday, March 16, 2023, at 5:30 PM.
I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 1-2, 2023.
The list is maintained on this page.
Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.
An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.
