Cisco Talos is disclosing a new threat actor we deemed "Starry Addax" targeting mostly human rights activists, associated with the Sahrawi Arab Democratic Republic (SADR) cause with ...
Continue ReadingApril 09, 2024
Security Advisory Description Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests ...
Continue ReadingApril 09, 2024
Security Advisory Description Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION fram ...
Continue ReadingApril 09, 2024
Security Advisory Description amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash. ( ...
Continue ReadingApril 09, 2024
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Starting in version 6.3.5.0 and prior to versions 6.6.1.0 and 6.5.8.8, when a authenticated request is made to POST /store-a ...
Continue ReadingApril 09, 2024
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible t ...
Continue ReadingApril 09, 2024
github.com/hashicorp/nomad is vulnerable to Improper Authorization. The vulnerability is due to a lack of proper access controls in the search HTTP API, allowing unauthenticated users or users without ...
Continue ReadingApril 09, 2024
Security Advisory Description Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed UR ...
Continue ReadingApril 09, 2024
Back to Main