Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

GHSA-j2rp-gmqv-frhv: HashiCorpVault does not correctly validate OCSP responses

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.

ghsa
#git#auth#ssl
GHSA-f8h5-v2vg-46rr: quarkus-core leaks local environment variables from Quarkus namespace during application's build

A vulnerability was found in the quarkus-core component. Quarkus captures the local environment variables from the Quarkus namespace during the application's build. Thus, running the resulting application inherits the values captured at build time. However, some local environment variables may have been set by the developer / CI environment for testing purposes, such as dropping the database during the application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application. It leads to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. So, application-specific properties are not captured.

GNU Transport Layer Security Library 3.8.5

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Center Identity Launches Patented Passwordless Authentication for Businesses

By Cyber Newswire Center Identity, a pioneering cybersecurity company, is excited to unveil its patented secret location authentication, reshaping how businesses… This is a post from HackRead.com Read the original post: Center Identity Launches Patented Passwordless Authentication for Businesses

Google patches critical vulnerability for Androids with Qualcomm chips

Google has issued patches for 28 security vulnerabilities, including a critical patch for Androids with Qualcomm chips.

Red Hat Security Advisory 2024-1662-03

Red Hat Security Advisory 2024-1662-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include denial of service, information leakage, and memory leak vulnerabilities.

Red Hat Security Advisory 2024-1646-03

Red Hat Security Advisory 2024-1646-03 - An update for grafana is now available for Red Hat Enterprise Linux 8. Issues addressed include a memory leak vulnerability.