The vulnerability was spotted due to unclear documentation of how the gateway handles endpoint validation. Detail: The gateway only authenticates endpoints detected from DNS SRV records, and it o ...
October 10, 2022
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess o ...
October 10, 2022
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are be ...
October 10, 2022
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an ar ...
October 10, 2022
Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed ...
October 10, 2022
Vulnerability Management is a foundational component of any cybersecurity program for the implementation of appropriate security controls and the management of cyber risk. Earlier this year Qualys int ...
October 10, 2022
Cyberespionage Group Earth Aughisky ...
October 10, 2022
ZoneMinder is a free, open source closed-circuit television software application. In affected versions the ZoneMinder API exposes database log contents to users without privileges, allows insertion, mo ...
October 10, 2022