K000136957 : Apache Struts vulnerability CVE-2023-41835
Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the ...
K000136924 : Node.JS vulnerabilities CVE-2018-7158, CVE-2018-7164, and CVE-2018-7166
Security Advisory Description CVE-2018-7158 The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was ...
K000136903 : OpenSSL Diffie-Hellman vulnerability CVE-2023-3446
Security Advisory Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_ ...
K41043270 : Intel processor vulnerabilities CVE-2021-0086 and CVE-2021-0089
Security Advisory Description CVE-2021-0086 Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information ...
K000136157 : sssd vulnerability CVE-2022-4254
Security Advisory Description sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters (CVE-2022-4254) Impact Low privileged malicious user could exploit the vulnerability to ...
K000136168 : Intel BIOS firmware vulnerabilities CVE-2022-44611 and CVE-2022-27879
Security Advisory Description CVE-2022-44611 Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege ...
K000136153 : cURL vulnerability CVE-2023-23914
Security Advisory Description A cleartext transmission of sensitive information vulnerability exists in curl. (CVE-2023-23914) Impact There is no impact; F5 products are not affected by this ...
K000136109 : PHP SQLite vulnerability CVE-2022-31631
Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the ...
K000136079 : Redis Vulnerability CVE-2022-0543
Security Advisory Description It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in ...
K11315080 : OpenSSH vulnerability CVE-2018-20685
Security Advisory Description In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is ...
K12252011 : OpenSSH vulnerability CVE-2019-6109
Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ ...
K21350967 : OpenSSH vulnerability CVE-2019-6111
Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client.
K15402727 : cURL vulnerability CVE-2020-8286
Security Advisory Description curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. (CVE-2020-8286) Impact
K000132946 : OpenSSL vulnerability CVE-2023-0215
Security Advisory Description The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, ...
K000132943 : OpenSSL vulnerability CVE-2022-4304
Security Advisory Description A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher ...
K42531048 : OpenSSH vulnerability CVE-2019-6110
Security Advisory Description In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client ...
K000132941 : OpenSSL vulnerability CVE-2023-0286
Security Advisory Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public ...
K12201527 : Overview of Quarterly Security Notifications
Security Advisory Description F5 discloses security vulnerabilities and security exposures for F5 products in Quarterly Security Notifications. Quarterly Security Notification dates are published ...
K000136011 : CVE-2023-41080 Apache Tomcat Open Redirect Vulnerability
Security Advisory Description URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 ...
K000135997 : Multiple Node.JS vulnerabilities
Security Advisory Description CVE-2023-32002 The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This ...