5 matches found
AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC
Summary: AsyncSSH v2.14.1 and earlier is vulnerable to a novel prefix truncation attack (a.k.a. Terrapin attack), which allows a man-in-the-middle attacker to strip an arbitrary number of messages right after the initial key exchange, breaking SSH extension negotiation (RFC 8308) in the process and thu...
GLSA-202212-02 : Unbound: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202212-02 Unbound: Multiple Vulnerabilities - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by targeting an Unbound instance. Unbound...
CVE-2022-30699
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue...
CVE-2022-30699 Novel "ghost domain names" attack by updating almost expired delegation information
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue...
Uber: Lack of proper paymentProfileUUID validation allows any number of free rides without any outstanding balance
@eequalsmc2 discovered that when requesting a ride, it was possible to intercept the request and forward it with 3 random characters at the end of the paymentProfileUuid parameter. This would cause the ride to disappear from both the Rider and Driver's trip history, the Rider would not be charged...