Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Tor Browser 11.5 release enables users to automatically circumvent censorship

New update addresses challenges faced by users in repressive countries

PortSwigger
Open in Source
#web#firefox#ssl
RHSA-2022:5602: Red Hat Security Advisory: RHUI 4.1.1 release - Security Fixes and Enhancement Update

An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.1.1 introduces important enhancements and fixes several security bugs.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-28346: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() * CVE-2022-28347: Django: SQL injection via QuerySet.explain(options) on PostgreSQL

New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals

A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment (SATA) or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to plunder data. "Although air-gap computers have no wireless connectivity, we show that attackers can use

CVE-2021-29790: Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2022-0778, CVE-2021-38868, CVE-2021-29799, CVE-2021-29790, CVE-2021-297

IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440.

CVE-2022-32387: Hotfixes

In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler.

Global Socket 1.4.38

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

CVE-2021-33656: vt-drop-old-font-ioctls.patch « 5.10.127 « releases - kernel/git/stable/stable-queue.git

When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.

CVE-2020-23563: IrfanView PlugIns

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba.

CVE-2020-16093: LemonLDAP::NG - Web Single Sign On and Access Management Free Software

In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.

CVE-2022-26482: Security Center

An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin.