Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-qg5g-gv98-5ffh: rustls network-reachable panic in `Acceptor::accept`

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use `rustls::server::Acceptor::accept()` are affected. Servers that use `tokio-rustls`'s `LazyConfigAcceptor` API are affected. Servers that use `tokio-rustls`'s `TlsAcceptor` API are not affected. Servers that use `rustls-ffi`'s `rustls_acceptor_accept` API are affected.

ghsa
Open in Source
#vulnerability#web#auth#ssl
Top 5 Platforms for Identifying Smart Contract Vulnerabilities 

How well do you know your smart contracts’ health? This article highlights the top five platforms that DeFi…

Spotify, Audible, and Amazon used to push dodgy forex trading sites and more

Cybercriminals are spamming content platforms like Spotify and Amazon with cracks, keygens, and forex trading platforms. We explain why.

Red Hat Security Advisory 2024-9989-03

Red Hat Security Advisory 2024-9989-03 - An update for python-webob is now available for Red Hat OpenStack Platform 17.1.

Red Hat Security Advisory 2024-9983-03

Red Hat Security Advisory 2024-9983-03 - An update for python-webob is now available for Red Hat OpenStack Platform 17.1.

99% of UAE’s .ae Domains Exposed to Phishing and Spoofing

Only 1.11% of UAE's 37,926 .ae domains have implemented DMARC, leaving most vulnerable to phishing and and spoofing attacks.

“Hilariously insecure”: Andrew Tate’s The Real World breached, 800,000 users affected

Hacktivists have breached Andrew Tate's learning platform The Real World and obtained 794,000 usernames for current and former members, as well as 324,382 email addresses of former clients.

GHSA-6vrw-mpj8-3j59: Duplicate Advisory: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5545-r4hg-rj4m. This link is maintained to preserve external references. ## Original Description A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not.

GHSA-j3x3-r585-4qhg: Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references. ## Original Description A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.

GHSA-f27h-g923-68hw: OpenStack Neutron can use an incorrect ID during policy enforcement

In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the "Work in Progress" status as of 2024-11-24.