Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Red Hat Security Advisory 2023-4701-01

Red Hat Security Advisory 2023-4701-01 - The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

Packet Storm
Open in Source
#vulnerability#linux#red_hat#auth#ssl
CVE-2023-38666: SEGV on unknown address 0x000000000028 in mp4encrypt · Issue #784 · axiomatic-systems/Bento4

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt.

CVE-2022-48538: 1.2.23 - Cacti PHP 8.2 LDAP Errors with php-ldap Installed · Issue #5189 · Cacti/cacti

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.

CVE-2020-20813: OpenVPN服务被利用于UDP反射放大DDoS攻击 - FreeBuf网络安全行业门户

Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.

CVE-2022-48566: Issue 40791: hmac.compare_digest could try harder to be constant-time.

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

GHSA-fh2r-99q2-6mmg: rustls-webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation a budget of 100 signature verifications. The original `webpki` crate is also affected. This was previously reported in the original crate <https://github.com/briansmith/webpki/issues/69> and re-reported to us recently.

CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds

A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that Cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cybersecurity. Over 600 IT, cybersecurity, and business leaders at

CVE-2023-39106: YAML deserialization vulnerability leads to RCE · Issue #314 · nacos-group/nacos-spring-project

An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component.

Jorani Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass via header spoofing and then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0.

New Malware Turns Windows and macOS Devices into Proxy Nodes

By Habiba Rashid Malware-Driven Proxy Servers Exploit Unsuspecting Users. This is a post from HackRead.com Read the original post: New Malware Turns Windows and macOS Devices into Proxy Nodes