Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

WebTareas 2.4 Remote Shell Upload

WebTareas version 2.4 suffers from a remote shell upload vulnerability.

Packet Storm
#vulnerability#web#windows#apache#js#java#php#c++#rce#amd#auth#firefox#ssl
Atom CMS 2.0 SQL Injection

Atom CMS version 2.0 suffers from a remote SQL injection vulnerability. Original discovery of this issue in this version is attributed to Luca Cuzzolin in February of 2022.

Aero CMS 0.0.1 Remote Shell Upload

Aero CMS version 0.l0.1 remote shell upload exploit. Original discovery of this issue in this version is attributed to D4rkP0w4r in April of 2022.

Aero CMS 0.0.1 SQL Injection

Aero CMS version 0.0.1 suffers from multiple remote SQL injection vulnerabilities. Original discovery of this issue in this version is attributed to nu11secur1ty in August of 2022.

Red Hat Security Advisory 2023-1469-01

Red Hat Security Advisory 2023-1469-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a double free vulnerability.

Desktop Central 9.1.0 CRLF Injection / Server-Side Request Forgery

Desktop Central version 9.1.0 suffers from crlf injection, and server-side request forgery vulnerabilities.

Latitude Financial Data Breach: 14 Million Customers Affected

By Waqas The CEO of Latitude Financial, Ahmed Fahour, has expressed disappointment in the incident and apologized unreservedly to customers. This is a post from HackRead.com Read the original post: Latitude Financial Data Breach: 14 Million Customers Affected

CVE-2022-45597

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.

GHSA-3gxf-9r58-2ghg: `openssl` `X509NameBuilder::build` returned object is not thread safe

OpenSSL has a `modified` bit that it can set on on `X509_NAME` objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin (Google) for reporting this issue.

GHSA-9qwg-crg9-m2vc: `openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read

`SubjectAlternativeName` and `ExtendedKeyUsage` arguments were parsed using the OpenSSL function `X509V3_EXT_nconf`. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin (Google) for reporting this issue.