Read Time:7 Second
FEDORA-2023-b88b72e3e1
Packages in this update:
mingw-python-certifi-2023.7.22-1.fc38
Update description:
Update to certifi-2023.7.22.
Daily Archives: August 4, 2023
CVE-2020-26082
Read Time:26 Second
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device.
The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.
CVE-2020-26065
Read Time:25 Second
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system.
The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.
CVE-2020-26064
Read Time:26 Second
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.
The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.
Friday Squid Blogging: 2023 Squid Oil Global Market Report
Read Time:13 Second
I had no idea that squid contain sufficient oil to be worth extracting.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
CVE-2022-41401
Read Time:10 Second
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.
Stealthy npm Malware Exposes Developer Data
Read Time:3 Second
Phylum said the attack demonstrated a carefully crafted development cycle
VMConnect: Python PyPI Threat Imitates Popular Modules
Read Time:3 Second
ReversingLabs said the attackers displayed a sophisticated approach and techniques
CISA Announces 2024-2026 Strategic Plan
Read Time:6 Second
The US’ leading cybersecurity agency calls for us to “embody the hacker spirit” in its latest strategic plan
Sophisticated Phishing Exploits Zero-Day Salesforce Vulnerability
Read Time:4 Second
Guardio Labs detected the campaign and detailed its findings in a technical blog post