#web

Red Hat Security Advisory 2024-0050-03 - Red Hat OpenShift Container Platform release 4.14.8 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized… Read More »

Ransomware gangs are getting more ruthless to increase the pressure on their victims. Now, even swatting cancer patients seems to be on the table.

By Waqas While Hathway hasn't commented yet, analysis of the leaked data by Hackread.com suggests the breach may be authentic and could have serious consequences for affected individuals. This is a post from HackRead.com Read the original post: Indian ISP Hathway Data Breach: Hacker Leaks 4 Million Users, KYC Data

# Microsoft Security Advisory CVE-2024-21319: .NET Denial of Service Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in the ASP.NET Core project templates. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A Denial of Service vulnerability exists in ASP.NET Core project templates which utilize JWT-based authentication tokens. This vulnerability allows an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making the server no longer able to respond to legitimate requests. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/290 ### <a name="mitigation-factors"></a>Mitigation factors This impacts only .NET Core-based projects that were created using any...

### Impact _What kind of vulnerability is it? Who is impacted?_ An attacker could exploit this vulnerability by crafting a malicious JSON Web Encryption (JWE) token with a high compression ratio. This token, when processed by a server, leads to excessive memory allocation and processing time during decompression, causing a denial-of-service (DoS) condition. It's important to note that the attacker must have access to the public encrypt key registered with the IDP(Entra ID) for successful exploitation. _According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?_ A scope change (S:C) in the CVSS metric indicates that successful exploitation of this vulnerability could extend beyond the immediate processing of malicious tokens, affecting the overall availability of the system by causing a denial-of-service (DoS) condition. ### Patches _Has the problem been patched? What versions should users upgrade to?_ The v...

OX App Suite version 7.10.6-rev51 suffers from an access control vulnerability. Version 7.10.6-rev34 suffers from multiple cross site scripting vulnerabilities.

OX App Suite version 7.10.6-rev50 suffers from remote code execution and LDAP injection vulnerabilities. Version 7.10.6-rev33 suffers from a cross site scripting vulnerability.

liveSite version 2019.1 suffers from a remote code execution vulnerability.

Intrasrv Simple Web Server version 1.0 suffers from a denial of service vulnerability.