FEDORA-2023-5d980e6aaf
Packages in this update:
matrix-synapse-1.80.0-6.fc37
Update description:
Backport fixes for CVE-2023-41335, CVE-2023-42453
Mix TikTok with facial recognition, and you’ve got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users.
All this and much, much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.
Multiple vulnerabilities have been discovered in Cisco Catalyst SD-WAN Manager, the most severe of which could allow for unauthorized access on the targeted host. Cisco SD-WAN Manager is a centralized network management system. Successful exploitation of the most severe of these vulnerabilities could allow for unauthorized access. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
matrix-synapse-1.93.0-2.fc38
Update to v1.93.0 (CVE-2023-41335, CVE-2023-42453)
matrix-synapse-1.93.0-2.fc39
Update to v1.93.0 (CVE-2023-41335, CVE-2023-42453)
A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper resource management when processing traffic that is received on the management interface. An attacker could exploit this vulnerability by sending a high rate of traffic to the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
UK charities including Shelter, the RSPCA, the Dogs Trust, Battersea Dogs and Cats Home, and Friends of the Earth have warned their supporters that hackers have stolen their data following a breach at a supplier.
Patchstack uncovered an unauthenticated role privilege escalation flaw and an account takeover vulnerability
According to Resecurity, Ransomed.vc is demanding a ransom of over $1m from NTT Docomo