#web

An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.

### Summary The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. ### Details While attempting to set up Traefik to handle traffic for Docker containers, I observed in the webUI a rule with the following information: `Host(traefik-service) | webwebsecure | traefik-service@docker | traefik-service` I assumed that this is something internal; however, I wondered why it would have a host rule on the web entrypoint configured. So I have send a request with that hostname with `curl -v --resolve "traefik-service:80:xxx.xxx.xxx.xxx" http://traefik-service`. That made my whole server unresponsive. I assume the name comes from a docker container with that name, traefik itself: ``` localhost ~ # docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS ...

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

The Russia-linked influence operation called Doppelganger has targeted Ukrainian, U.S., and German audiences through a combination of inauthentic news sites and social media accounts. These campaigns are designed to amplify content designed to undermine Ukraine as well as propagate anti-LGBTQ+ sentiment, U.S. military competence, and Germany's economic and social issues, according to a new

A new "post-exploitation tampering technique" can be abused by malicious actors to visually deceive a target into believing that their Apple iPhone is running in Lockdown Mode when it's actually not and carry out covert attacks. The novel, detailed by Jamf Threat Labs in a report shared with The Hacker News, "shows that if a hacker has already infiltrated your device, they can cause

FortiWeb VM version 7.4.0 build577 suffers from a post authentication CLI crash when provided a long password.

Red Hat Security Advisory 2023-7641-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7639-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7638-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7637-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.