Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

CVE-2019-8720: WebKitGTK and WPE WebKit Security Advisory WSA-2019-0005

A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

CVE
#xss#vulnerability#web#google#zero_day#webkit#ssl
The Role of Verifiable Credentials In Preventing Account Compromise

As digital identity verification challenges grow, organizations need to adopt a more advanced and forward-focused approach to preventing hacks.

How to use Confidential Containers without confidential hardware

<p>The <a href="https://github.com/confidential-containers">Confidential Containers</a> (CoCo) project aims to implement a cloud-native solution for confidential computing using the most advanced <a href="https://en.wikipedia.org/wiki/Trusted_execution_environment">trusted execution environments</a> (TEE) technologies available from hardware vendors like AMD, IBM and Intel. Recently, the first release of the project (<a href="https://github.com/confidential-containers/docum

A Privacy Hero's Final Wish: An Institute to Redirect AI's Future

Peter Eckersley did groundbreaking work to encrypt the web. After his sudden death, a new organization he founded is carrying out his vision to steer artificial intelligence toward “human flourishing.”

CVE-2023-26510: Ghost Security & Privacy

Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact.

CVE-2023-26490: Release 💮🐮 Moorch 2023 Update - ⚠️ CVE-2023-26490 ⚠️ and some fixes · mailcow/mailcow-dockerized

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to obtain shell access to the Docker container running dovecot. The imapsync Perl script implements all the necessary functionality for this feature, including the XOAUTH2 authentication mechanism. This code path creates a shell command to call openssl. However, since different parts of the specified user password are included without any validation, one can simply execute additional shell commands. Notably, the default ACL for a newly-created mailcow account does not include the necessary permission. The Issue has been fixed within the 2023-03 Update (March 3rd 2023). As a temporary workaround the Syncjob ACL can be removed from all mailbox users, preventing from creating or changing existing Sy...

CVE-2023-26213: OS Command Injectionin Barracuda CloudGen WAN

On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters.

Barracuda CloudGen WAN OS Command Injection

Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS commands via the /ajax/update_certificate endpoint. Versions prior to v8.* hotfix 1089 are affected.

CVE-2023-1101

SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.

What GoDaddy's Years-Long Breach Means for Millions of Clients

The same "sophisticated" threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here's what to do.