Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Red Hat Security Advisory 2023-1469-01

Red Hat Security Advisory 2023-1469-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a double free vulnerability.

Packet Storm
Open in Source
#vulnerability#linux#red_hat#js#ssl
Desktop Central 9.1.0 CRLF Injection / Server-Side Request Forgery

Desktop Central version 9.1.0 suffers from crlf injection, and server-side request forgery vulnerabilities.

Latitude Financial Data Breach: 14 Million Customers Affected

By Waqas The CEO of Latitude Financial, Ahmed Fahour, has expressed disappointment in the incident and apologized unreservedly to customers. This is a post from HackRead.com Read the original post: Latitude Financial Data Breach: 14 Million Customers Affected

CVE-2022-45597

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.

GHSA-3gxf-9r58-2ghg: `openssl` `X509NameBuilder::build` returned object is not thread safe

OpenSSL has a `modified` bit that it can set on on `X509_NAME` objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin (Google) for reporting this issue.

GHSA-9qwg-crg9-m2vc: `openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read

`SubjectAlternativeName` and `ExtendedKeyUsage` arguments were parsed using the OpenSSL function `X509V3_EXT_nconf`. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin (Google) for reporting this issue.

GHSA-6hcf-g6gr-hhcr: `openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference

These functions would crash when the context argument was None with certain extension types. Thanks to David Benjamin (Google) for reporting this issue.

GHSA-f5v5-ccqc-6w36: async-nats vulnerable to TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the `host`name provided by the server's plaintext `INFO` message during the initial connection setup phase. A MitM proxy can tamper with the `host` field's value by substituting it with the common name of a valid certificate it controls, fooling the client into accepting it. ## Reproduction steps 1. The NATS Rust client tries to establish a new connection 2. The connection is intercepted by a MitM proxy 3. The proxy makes a separate connection to the NATS server 4. The NATS server replies with an `INFO` message 5. The proxy reads the `INFO`, alters the `host` JSON field and passes the tampered `INFO` back to the client 6. The proxy upgrades the client connection to TLS, presenting a certificate issued by a certificate authority present in the client's keychain. In the previous step the `host` was set to the common name of said certificate 7. `rus...

CVE-2023-22812: WDC-23005 SanDisk PrivateAccess Software Update | Western Digital

SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.

Threat Roundup for March 17 to March 24

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 17 and March 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key