It was reported that incorrect bound checks in the dsaVerify function
in node-browserify-sign, a Node.js library which adds crypto signing
for browsers, allow an attacker to perform signature forgery attacks
by constructing signatures that can be successfully verified by any
public key.
Daily Archives: October 30, 2023
DSA-5540 jetty9 – security update
Two remotely exploitable security vulnerabilities were discovered in Jetty 9,
a Java-based web server and servlet engine. The HTTP/2 protocol implementation
did not sufficiently verify whether HPACK header values exceed their size limit.
Furthermore, the HTTP/2 protocol allowed a denial of service (server resource
consumption) because request cancellation can reset many streams quickly. This
problem is also known as the Rapid Reset Attack.
DSA-5541 request-tracker5 – security update
Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system.
DSA-5542 request-tracker4 – security update
Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system.