Security Headlines, tag: #ssl
Computer Laboratory Management System 2024 1.0 Cross Site Scripting

Computer Laboratory Management System 2024 version 1.0 suffers from a cross site scripting vulnerability.

Packet Storm
ManageEngine ADManager 7183 Password Hash Disclosure

ManageEngine ADManager version 7183 suffers from a password hash disclosure vulnerability.

How Cloud-Based Solutions Are Transforming Software Quality Assurance

Cloud-based solutions are transforming the software quality assurance (QA) industry. As organizations increasingly migrate their development and verification…

How This Video Game Controller Became the US Military’s Weapon of Choice

After decades of relying on buttons, switches, and toggles, the Pentagon has embraced simple, ergonomic video-game-style controllers already familiar to millions of potential recruits.

Debian Security Advisory 5781-1

Debian Linux Security Advisory 5781-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

Acronis Cyber Infrastructure Default Password Remote Code Execution

Acronis Cyber Infrastructure (ACI) is an IT infrastructure solution that provides storage, compute, and network resources. Businesses and service providers use it for data storage, backup storage, creating and managing virtual machines and software-defined networks, and running cloud-native applications in production environments. This Metasploit module exploits a default password vulnerability in ACI that allows an attacker to access the ACI PostgreSQL database and gain administrative access to the ACI Web Portal. From there the attacker can upload SSH keys that grant root access to the appliance/server. The attack can be executed remotely over the WAN as long as the PostgreSQL and SSH services are exposed to the outside world. ACI versions 5.0 before build 5.0.1-61, 5.1 before build 5.1.1-71, 5.2 before build 5.2.1-69, 5.3 before build 5.3.1-53, and 5.4 before build 5.4.4-132 are vulnerable.
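The precondition the advisory names is a PostgreSQL service reachable from beyond the host. The following is an added example, not Acronis code and not derived from ACI's actual configuration: a small Rust audit of a PostgreSQL `pg_hba.conf` that flags entries allowing a password guess (or no password at all) from the network. The two sample configurations are constructed for the demonstration; the rule set (trust from anything but loopback, any method bound to `all`/`0.0.0.0/0`/`::/0`/`samenet`) is this example's own choice, not a PostgreSQL recommendation.

```rust
use std::net::Ipv4Addr;

/// One risky pg_hba.conf entry reported by the audit.
#[derive(Debug, PartialEq, Eq)]
pub struct Finding {
    pub line: usize,
    pub reason: String,
}

fn is_loopback(addr: &str) -> bool {
    addr.starts_with("127.") || addr == "::1" || addr.starts_with("::1/")
}

fn is_wide_open(addr: &str) -> bool {
    matches!(addr, "all" | "0.0.0.0/0" | "::/0" | "samenet")
}

/// Scan pg_hba.conf text for host entries that expose authentication to the network.
/// Entry layout: TYPE DATABASE USER [ADDRESS [NETMASK]] METHOD [OPTIONS]
pub fn audit_pg_hba(text: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    for (idx, raw) in text.lines().enumerate() {
        let lineno = idx + 1;
        let line = raw.split('#').next().unwrap_or("").trim(); // drop trailing comments
        if line.is_empty() {
            continue;
        }
        let f: Vec<&str> = line.split_whitespace().collect();
        match f.first().copied() {
            // "local" entries are Unix-socket only: not reachable remotely
            Some("local") => continue,
            Some("host") | Some("hostssl") | Some("hostnossl")
            | Some("hostgssenc") | Some("hostnogssenc") => {}
            _ => continue, // include directives or unknown types
        }
        if f.len() < 5 {
            continue;
        }
        // ADDRESS may be CIDR or "IP NETMASK" (two fields); METHOD follows it.
        let (addr, method) = if f.len() >= 6 && f[4].parse::<Ipv4Addr>().is_ok() {
            (f[3], f[5])
        } else {
            (f[3], f[4])
        };
        if method == "trust" && !is_loopback(addr) {
            findings.push(Finding {
                line: lineno,
                reason: format!("trust (no password) from {addr}"),
            });
        } else if is_wide_open(addr) {
            findings.push(Finding {
                line: lineno,
                reason: format!("{method} auth reachable from any address ({addr})"),
            });
        }
    }
    findings
}

/// Constructed sample: the kind of configuration that makes a default password remotely useful.
pub const RISKY_HBA: &str = "\
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 peer
host    all       all   127.0.0.1/32  scram-sha-256
host    all       all   0.0.0.0/0     md5            # reachable from the WAN
host    all       all   10.0.0.0 255.0.0.0 trust      # no password on the LAN
";

/// Constructed sample: password auth only from loopback and one TLS-protected management network.
pub const HARDENED_HBA: &str = "\
local   all       all                 peer
host    all       all   127.0.0.1/32  scram-sha-256
hostssl all       all   10.20.0.0/16  scram-sha-256
";

fn main() {
    for (name, cfg) in [("risky", RISKY_HBA), ("hardened", HARDENED_HBA)] {
        let findings = audit_pg_hba(cfg);
        println!("{name}: {} finding(s)", findings.len());
        for f in &findings {
            println!("  line {}: {}", f.line, f.reason);
        }
    }
}
```

Exposure of the listener itself is a separate check (`listen_addresses` in `postgresql.conf` and the host firewall); this audit only tells you which addresses PostgreSQL would let authenticate once the port is reachable.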

What Communications Companies Need to Know Before Q-Day

NIST standardized three algorithms for post-quantum cryptography. What does that mean for the information and communications technology (ICT) industry?

Unix Printing Vulnerabilities Enable Easy DDoS Attacks

All an attacker needs to exploit flaws in the Common Unix Printing System is a few seconds and less than 1 cent in computing costs.

Normalizing Security Culture: Don’t Have to Get Ready If You Stay Ready

Prioritizing security as a critical element to an organization’s effectiveness and success will reduce the risk of incidents, while benefiting the whole team and the organization’s reputation.

GHSA-4jwc-w2hc-78qv: Tonic has remotely exploitable denial of service vulnerability

### Impact

When using `tonic::transport::Server` there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. It is triggered by making the accept call error out with errors that were not handled correctly, causing the accept loop to exit. More information can be found [here](https://github.com/hyperium/tonic/issues/1897).

### Patches

Upgrading to tonic `0.12.3` or above contains the fix.

### Workarounds

A custom accept loop is a possible workaround.
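The workaround is an accept loop that treats an `accept()` error as a per-call event rather than a reason to stop serving. The following is an added example written for this page, not tonic's code and not the fix shipped in 0.12.3: it uses `std::net` instead of tokio so it runs stand-alone, and the error classification in `accept_policy` is this example's own assumption (which `ErrorKind`s count as transient versus fatal). The point it shows is the default branch: an error kind nobody anticipated must not terminate the loop.

```rust
use std::io;
use std::net::{TcpListener, TcpStream};
use std::thread;
use std::time::Duration;

/// What the accept loop does after `accept()` returns an error.
#[derive(Debug, PartialEq, Eq)]
pub enum AcceptAction {
    /// One peer's connection failed (reset, aborted): the listener is fine, keep going.
    Continue,
    /// Resource pressure: spinning on accept() makes it worse, so pause first.
    Backoff(Duration),
    /// The listening socket itself is unusable; further accepts cannot succeed.
    Stop,
}

/// Classify an accept() error. Assumed mapping for this example; the key property
/// is that the catch-all arm keeps serving instead of exiting.
pub fn accept_policy(err: &io::Error) -> AcceptAction {
    use io::ErrorKind::*;
    match err.kind() {
        ConnectionAborted | ConnectionReset | ConnectionRefused | Interrupted | WouldBlock
        | TimedOut => AcceptAction::Continue,
        OutOfMemory => AcceptAction::Backoff(Duration::from_millis(100)),
        // EINVAL: socket is not listening. Nothing we can do from inside the loop.
        InvalidInput => AcceptAction::Stop,
        // Everything else, including errno values std reports as Other/uncategorized
        // (for example descriptor exhaustion): back off and try again.
        _ => AcceptAction::Backoff(Duration::from_millis(100)),
    }
}

/// Accept up to `n` connections, routing every error through `accept_policy`
/// instead of returning from the loop. Returns how many connections reached `handle`.
pub fn serve_n<F: FnMut(TcpStream)>(listener: &TcpListener, n: usize, mut handle: F) -> usize {
    let mut accepted = 0;
    while accepted < n {
        match listener.accept() {
            Ok((stream, _peer)) => {
                handle(stream);
                accepted += 1;
            }
            Err(e) => match accept_policy(&e) {
                AcceptAction::Continue => continue,
                AcceptAction::Backoff(d) => thread::sleep(d),
                AcceptAction::Stop => break,
            },
        }
    }
    accepted
}

fn main() -> io::Result<()> {
    // Constructed demo: three loopback clients connect and hang up immediately.
    let listener = TcpListener::bind("127.0.0.1:0")?;
    let addr = listener.local_addr()?;
    let clients = thread::spawn(move || {
        for _ in 0..3 {
            let _conn = TcpStream::connect(addr).expect("connect");
        }
    });
    let served = serve_n(&listener, 3, |s| println!("accepted {:?}", s.peer_addr()));
    clients.join().expect("client thread");
    println!("served {served} connections");
    Ok(())
}
```

In an async server the same structure applies: wrap the listener's `accept().await` in a `match`, decide per error kind whether to continue, sleep, or stop, and never let an unmatched arm propagate out of the task that owns the listener.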