Read Time:8 Second
FEDORA-2023-828bf01834
Packages in this update:
dnsmasq-2.89-2.fc37
Update description:
According to DNS flag day set default packet size to 1232
Yearly Archives: 2023
dnsmasq-2.89-2.fc38
Read Time:8 Second
FEDORA-2023-eeca11a4df
Packages in this update:
dnsmasq-2.89-2.fc38
Update description:
According to DNS flag day set default packet size to 1232
Unapproved Apps Used By 32% of Remote Workers
Read Time:5 Second
Latest Lookout report also suggested 46% of remote employees saved work files to personal devices
CVE-2022-38923
Read Time:8 Second
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the ‘User-Agent’ field using a Time-based blind SLEEP payload.
CVE-2022-38922
Read Time:9 Second
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the ‘users-cookie-settings’ token using a Time-based blind SLEEP payload.
skopeo-1.11.2-1.fc37
Read Time:6 Second
FEDORA-2023-28c182b657
Packages in this update:
skopeo-1.11.2-1.fc37
Update description:
Security fix for CVE-2022-41723
skopeo-1.11.2-1.fc38
Read Time:6 Second
FEDORA-2023-ccaf5538dd
Packages in this update:
skopeo-1.11.2-1.fc38
Update description:
Security fix for CVE-2022-41723
CVE-2022-27665
Read Time:23 Second
Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.
Israeli cybersecurity firm launches managed services offering for MSPs
Read Time:43 Second
Israel-based managed cybersecurity provider Guardz has announced the general availability of its first cybersecurity offering for managed service providers (MSP) and IT professionals.
“The launch of this dedicated MSP platform brings Guardz one step closer to our goal of democratizing enterprise-grade level cybersecurity technologies,” said Dor Eisner, co-founder and CEO of Guardz. “MSPs will be able to give their clients the confidence that their business is secure from the inside out and gain complete visibility into their users’ cyber posture.”
Guardz’ namesake offering comes shortly after the company exited stealth in January with $10 million in seed funding. Company co-founder Eisner previously worked at the Israeli Military Intelligence as a cybersecurity team lead, while the other co-founder Alon Lavi was a staff sergeant at Israel Defense Forces before starting Guardz.
USN-5994-1: HAProxy vulnerability
Read Time:7 Second
It was discovered that HAProxy incorrectly initialized certain connection
buffers. A remote attacker could possibly use this issue to obtain
sensitive information.