Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Ubuntu Security Notice USN-6888-1

Ubuntu Security Notice 6888-1 - Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this issue to cause Django to consume resources or stop responding, resulting in a denial of service. It was discovered that Django incorrectly handled authenticating users with unusable passwords. A remote attacker could possibly use this issue to perform a timing attack and enumerate users.

Packet Storm
Open in Source
#vulnerability#web#ubuntu#dos#auth
Red Hat Security Advisory 2024-4316-03

Red Hat Security Advisory 2024-4316-03 - Red Hat OpenShift Container Platform release 4.16.2 is now available with updates to packages and images that fix several bugs and add enhancements.

GHSA-fq54-2j52-jc42: Next.js Denial of Service (DoS) condition

### Impact A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. **This vulnerability can affect all Next.js deployments on the affected versions.** ### Patches This vulnerability was resolved in Next.js 13.5 and later. We recommend that users upgrade to a safe version. ### Workarounds There are no official workarounds for this vulnerability. #### Credit We'd like to thank Thai Vu of [flyseccorp.com](http://flyseccorp.com/) for responsible disclosure of this vulnerability.

15 vulnerabilities discovered in software development kit for wireless routers

Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router.

GHSA-qcj6-vxwx-4rqv: Decidim vulnerable to data disclosure through the embed feature

### Impact If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded (such as a Participatory Process, an Assembly, a Proposal, a Result, etc), then some data of this resource could be accessed. ### Patches version 0.27.6 https://github.com/decidim/decidim/commit/1756fa639ef393ca8e8bb16221cab2e2e7875705 ### Workarounds Disallow access through your web server to the URLs finished with `/embed.html`

Peloton accused of providing customer chat data to train AI

Exercise company Peloton is accused of providing customer chat data to a third party for AI training.

Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling

Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments.

Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited

Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild. Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that have been addressed in the Chromium-based Edge browser

Google Adds Passkeys to Advanced Protection Program for High-Risk Users

Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection Program (APP). "Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said. Passkeys are considered a more secure and phishing-resistant alternative to passwords. Based on

Google Is Adding Passkey Support for Its Most Vulnerable Users

Google is bringing the password-killing “passkey” tech to its Advanced Protection Program users more than a year after rolling them out broadly.