Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

FreeSWITCH 1.10.10 Denial Of Service

When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack.

Packet Storm
#vulnerability#web#dos#git#auth#ssl
Adobe Real-Time CDP: Personalized Customer Experience

By Owais Sultan In the current high-tech age, consumer data is a business’s most important asset as they progressively shifts towards… This is a post from HackRead.com Read the original post: Adobe Real-Time CDP: Personalized Customer Experience

GHSA-hwcc-4cv8-cf3h: Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)

### Issue Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in [version 2.1.5](https://docs.snowflake.com/release-notes/clients-drivers/dotnet-2023#version-2-1-5-december-18-2023). ### Attack Scenario Snowflake uses CRL to check if a TLS certificate has been revoked before its expiration date. The lack of correct validation of revoked certificates could, in theory, allow an attacker who has both access to the private key of a correctly issued Snowflake certificate and the ability to intercept network traffic to perform a Man-in-the-Middle (MitM) attack in order to compromise Snowflake credentials used by the driver. The vulnerability is difficult to exploit given both conditions required and...

Craft CMS 4.4.14 Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 4.0.0-RC1 through 4.4.14.

Debian Security Advisory 5584-1

Debian Linux Security Advisory 5584-1 - It was reported that the BlueZ's HID profile implementation is not inline with the HID specification which mandates the use of Security Mode 4. The HID profile configuration option ClassicBondedOnly now defaults to "true" to make sure that input connections only come from bonded device connections.

Debian Security Advisory 5582-1

Debian Linux Security Advisory 5582-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service, the execution of arbitrary code or spoofing of signed PGP/MIME and SMIME emails.

Facebook Marketplace Is Being Ruined by Zelle Scammers

I tried to sell a futon on Facebook Marketplace and nearly all I got were scammers.

How does ThreatDown Vulnerability Assessment and Patch Management work?

Dive into the inner workings of ThreatDown Vulnerability Assessment and Patch Management

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor

Weather Wonders: A Guide to Crafting a Dynamic App Using Weather APIs

By Owais Sultan Weather applications have become an integral part of our daily lives. These apps, which provide us with real-time… This is a post from HackRead.com Read the original post: Weather Wonders: A Guide to Crafting a Dynamic App Using Weather APIs