Read Time:11 Second
Shang-Hung Wan discovered multiple vulnerabilities in the Expat
XML parsing C library, which could result in denial of service or
potentially the execution of arbitrary code.
Monthly Archives: September 2024
DSA-5771-1 php-twig – security update
Read Time:9 Second
Fabien Potencier discovered that under some conditions the sandbox
mechanism of Twig, a template engine for PHP, could by bypassed.
CIS Hardened Images: Reconciling Cloud Security and Services
Read Time:7 Second
Don’t want cloud security to limit performance or availability? Learn how we’ve been testing CIS Hardened Images with cloud services to support your needs!
White House to Tackle AI-Generated Sexual Abuse Images
Read Time:4 Second
White House issues new voluntary commitments to combat image-based sexual abuse in AI
Legacy Ivanti Cloud Service Appliance Being Exploited
Read Time:11 Second
CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer being supported.
Welcome to the security nightmare that is the Internet of Things.
Half of UK Firms Lack Basic Cybersecurity Skills
Read Time:9 Second
A new government report reveals that nearly half of UK businesses lack basic cybersecurity skills, while advanced skills like penetration testing and incident management are even more scarce
Advanced Phishing Attacks Put X Accounts at Risk
Read Time:5 Second
SIM swapping and “adversary-in-the-middle” can bypass security for accounts on X (formerly Twitter)
USN-7015-1: Python vulnerabilities
Read Time:53 Second
It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could possibly
use this issue to bypass certain protection mechanisms. (CVE-2023-27043)
It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue to
cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)
It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)
It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)
It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of service.
(CVE-2024-8088)
USN-7014-1: nginx vulnerability
Read Time:13 Second
It was discovered that the nginx ngx_http_mp4 module incorrectly handled
certain malformed mp4 files. In environments where the mp4 directive is in
use, a remote attacker could possibly use this issue to cause nginx to
crash, resulting in a denial of service.
USN-7013-1: Dovecot vulnerabilities
Read Time:21 Second
It was discovered that Dovecot incorrectly handled a large number of
address headers. A remote attacker could possibly use this issue to cause
Dovecot to consume resources, leading to a denial of service.
(CVE-2024-23184)
It was discovered that Dovecot incorrectly handled very large headers. A
remote attacker could possibly use this issue to cause Dovecot to consume
resources, leading to a denial of service. (CVE-2024-23185)