CVE-2023-2828
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that ...
June 21, 2023
CVE-2023-0026
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of ...
June 21, 2023
CVE-2023-2829
A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely termina ...
June 21, 2023
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
A new malware called **Condi** has been observed exploiting a s ...
June 21, 2023
CVE-2023-3325
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and i ...
June 20, 2023
(RHSA-2023:3677) Important: c-ares security update
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides a name-resolving API.
Security Fix(es):
* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)
For more ...
June 20, 2023
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
### Impact
Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service.
### Patches
The problem has b ...
June 19, 2023
Uncontrolled Resource Consumption in LengthPrefixedMessageReader
### Impact
Affected gRPC Swift clients and servers are vulnerable to uncontrolled resource consumption attacks. Excessive memory may be allocated when parsing messages. This can lead to a denial of se ...
June 19, 2023
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec
### Impact
Affected gRPC Swift servers are vulnerable to precondition failures when parsing certain gRPC Web requests. This may lead to a denial of service.
### Patches
The problem has been fixed in 1 ...
June 19, 2023
Denial of Service via reachable assertion
A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling `GOAWAY` frames.
The attack is low-effort: it takes very little ...
June 19, 2023