Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Red Hat Security Advisory 2024-1484-03

Red Hat Security Advisory 2024-1484-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Packet Storm
#vulnerability#web#linux#red_hat#js#java#firefox#ssl
Red Hat Security Advisory 2024-1608-03

Red Hat Security Advisory 2024-1608-03 - An update for opencryptoki is now available for Red Hat Enterprise Linux 8.

Powerloom Announces Expansion to Base as It Surpasses 5200 Snapshotter Lite Nodes

By Uzair Amir In the last 30 days, Powerloom generated over 250 million snapshots (unique data points), with a daily increase to approximately 10 million snapshots This is a post from HackRead.com Read the original post: Powerloom Announces Expansion to Base as It Surpasses 5200 Snapshotter Lite Nodes

GHSA-9ph3-v2vh-3qx7: Eclipse Vert.x vulnerable to a memory leak in TCP servers

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.

The XZ Backdoor: Everything You Need to Know

Details are starting to emerge about a stunning supply chain attack that sent the open source software community reeling.

WatchGuard XTM Firebox Unauthenticated Remote Command Execution

This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.

Payment authorization and one-time passwords – Mobile Token

By Uzair Amir Isn’t it shocking that people still use passwords like QWERTY12, 1234, or pet names for their online accounts?… This is a post from HackRead.com Read the original post: Payment authorization and one-time passwords – Mobile Token

Facebook spied on Snapchat users to get analytics about the competition

Facebook is accused of using potentially criminal methods to spy on Snapchat users to gain a commercial advantage over its competition.

Masa Network Integrates with LayerZero to Power Its Cross-chain AI Data Network

By Waqas Masa Network’s AI Data Marketplace will be an interoperable network for the world’s personal data, launching across multiple blockchains from day one. This is a post from HackRead.com Read the original post: Masa Network Integrates with LayerZero to Power Its Cross-chain AI Data Network