Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

The XZ Backdoor: Everything You Need to Know

Details are starting to emerge about a stunning supply chain attack that sent the open source software community reeling.

Wired
Open in Source
#sql#vulnerability#microsoft#ubuntu#linux#debian#red_hat#backdoor#auth#ssh#postgres#ssl
WatchGuard XTM Firebox Unauthenticated Remote Command Execution

This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.

Payment authorization and one-time passwords – Mobile Token

By Uzair Amir Isn’t it shocking that people still use passwords like QWERTY12, 1234, or pet names for their online accounts?… This is a post from HackRead.com Read the original post: Payment authorization and one-time passwords – Mobile Token

Facebook spied on Snapchat users to get analytics about the competition

Facebook is accused of using potentially criminal methods to spy on Snapchat users to gain a commercial advantage over its competition.

Masa Network Integrates with LayerZero to Power Its Cross-chain AI Data Network

By Waqas Masa Network’s AI Data Marketplace will be an interoperable network for the world’s personal data, launching across multiple blockchains from day one. This is a post from HackRead.com Read the original post: Masa Network Integrates with LayerZero to Power Its Cross-chain AI Data Network

Artica Proxy Unauthenticated PHP Deserialization

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.

Ubuntu Security Notice USN-6718-1

Ubuntu Security Notice 6718-1 - Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.

GoMining Review: This Platform Makes Bitcoin Mining Possible Through NFTs

By Uzair Amir Curious to learn how GoMining is pioneering the democratization of crypto mining? Read on as we explore their approach, technicals, and how they ensure safety for their users. This is a post from HackRead.com Read the original post: GoMining Review: This Platform Makes Bitcoin Mining Possible Through NFTs

Red Hat Security Advisory 2024-1502-03

Red Hat Security Advisory 2024-1502-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.