#samba

Powered by WatchGuard’s Unified Security Platform® architecture, new Fireboxes deliver enhanced performance and added security capabilities that MSPs and IT admins can easily manage in WatchGuard Cloud.

Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication out from the server to the attackers machine.

ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.

Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code.

2022 saw a record number of cyberattacks. In response, regulators are prescribing how companies should manage their risks. How do you prepare?

Microsoft on Tuesday released security updates to address 75 flaws spanning its product portfolio, three of which have come under active exploitation in the wild. The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month. Of the 75 vulnerabilities, nine are rated Critical and 66 are rated Important in severity. 37 out of 75 bugs are

Categories: Business G2 has released their Winter 2023 reports, ranking Malwarebytes as the leader across a number of endpoint protection categories based on customer reviews. (Read more...) The post Malwarebytes recognized as endpoint security leader by G2 appeared first on Malwarebytes Labs.

**What is the curl open-source project?** Curl is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various network protocols. The name stands for "Client for URL". The Windows implementation provides access to the command-line tool, not the library. **What version of curl addresses this CVE?** Curl version 7.87.0 addresses this vulnerability. **Is CVE-2022-43552 going to be addressed in all supported versions of Windows?** Supported versions of Windows will be updated in a future security release after the March 14, 2023 release. This CVE will be updated when the update is available. Use the Security Update Guide Profile to sign up for automatic notifications. **Where can I find more information about this curl vulnerability?** More information can be found at NVD and curl.se **Are there any workarounds that can be implemented?** Preventing the execution of curl.exe is a workaround to be considered Use a WDAC p...

A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.

Red Hat Security Advisory 2023-0637-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.