Read Time:7 Second
FEDORA-2023-04d519d0b3
Packages in this update:
qt5-qtbase-5.15.10-5.fc38
Update description:
Security fix for CVE-2023-37369
Monthly Archives: August 2023
Scammers Exploit Hacked Websites For Phishing
Read Time:4 Second
Kaspersky explained one common strategy is the hacking of abandoned or poorly maintained websites
USN-6294-1: HAProxy vulnerability
Read Time:8 Second
Ben Kallus discovered that HAProxy incorrectly handled empty Content-Length
headers. A remote attacker could possibly use this issue to manipulate the
payload and bypass certain restrictions.
CVE-2020-26037
Read Time:7 Second
Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code.
LockBit’s dirty little secret: ransomware gang is failing to publish victims’ data
Read Time:14 Second
The LockBit ransomware gang may be having more than a few headaches right now.
According to a researcher who spent a year undercover gathering intelligence on the LockBit group, the ransomware gang is trying to cover up “the fact it often cannot consistently publish stolen data.”
USN-6293-1: OpenStack Heat vulnerability
Read Time:8 Second
It was discovered that OpenStack Heat incorrectly handled certain hidden
parameter values. A remote authenticated user could possibly use this issue
to obtain sensitive data.
CVE-2023-1977
Read Time:14 Second
The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it’s admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the sites internal network.
CVE-2023-1465
Read Time:12 Second
The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin
CVE-2023-1110
Read Time:15 Second
The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2023-0579
Read Time:12 Second
The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks.