(Pwn2Own) Cisco RV340 JSON RPC file-copy Command Injection Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged code on the targe ...

Import token permissions checking not enforced

(This advisory is canonically ) ## Problem Description The NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Impo ...

Nil dereference in NATS JWT, DoS of nats-server

## Problem Description The NATS account system has an Operator trusted by the servers, which signs Accounts, and each Account can then create and sign Users within their account. The Operator should ...

Incorrect handling of credential expiry by NATS Server

## Problem Description NATS nats-server through 2020-10-07 has Incorrect Access Control because of how expired credentials are handled. The NATS accounts system has expiration timestamps on credential ...

Potential segfault in SPIFFE authenticator

### Impact Several vulnerabilities have been reported in the `time` and `chrono` crates related to handling of calls to `localtime_r`. You can follow some of the discussions [here](https://github.com/ ...

(RHSA-2022:1275) Important: Red Hat OpenShift Service Mesh 2.1.2 security update

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers ...

(RHSA-2022:1276) Important: Red Hat OpenShift Service Mesh 2.0.9 security update

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers ...

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts

A server-side request forgery (SSRF) flaw in an API of a large financial technology (fintech) platform potentially could have compromised millions of bank customers, allowing attackers to defraud ...

