1145 matches found

CNNVD
added 2023/10/26 12:0 a.m. · 1 views

Elasticsearch Log Information Disclosure Vulnerability

Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch that stems from sensitive information being logged in Kibana logs when logging JSON layouts or schema layouts configured to log %meta patterns...

CVSS 9 · AI score 6.5 · EPSS 0.00395
Exploits 0 · References 4

Positive Technologies
added 2023/10/18 12:0 a.m. · 3 views

PT-2023-6408 · Spring · Spring Amqp

Name of the Vulnerable Software and Affected Versions: Spring AMQP versions 1.0.0 through 2.4.16; Spring AMQP versions 3.0.0 through 3.0.9. Description: The issue is related to shortcomings in the deserialization mechanism of the Spring AMQP RabbitMQ application. This could allow a remote attacker ...

CVSS 6.8 · AI score 4.6 · EPSS 0.43039
Exploits 0 · References 16

HackRead
added 2023/10/16 6:58 p.m. · 22 views

How Is Machine Learning Used in Fraud Detection?

By Owais Sultan. Machine learning is transforming fraud detection by swiftly identifying unusual patterns in data, helping prevent financial losses and…

AI score 6.9
Exploits 0

Tenable Nessus
added 2023/10/11 12:0 a.m. · 34 views

Debian dla-3613 : curl - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3613 advisory. Debian LTS Advisory DLA-3613-1...

CVSS 5.9 · AI score 7.7 · EPSS 0.00441
Exploits 1 · References 6

Kitploit
added 2023/10/09 11:30 a.m. · 25 views

DakshSCRA - Source Code Review Assist

Daksh SCRA Source Code Review Assist tool is built to enhance the efficiency of the source code review process, providing a well-structured and organized approach for code reviewers. Rather than indiscriminately flagging everything as a potential issue, Daksh SCRA promotes thoughtful analysis,...

AI score 7.5
Exploits 0 · References 2

RustSec
added 2023/09/03 12:0 p.m. · 3 views

Multiple soundness issues

lexical contains multiple soundness issues:
1. Bytes::read allows creating instances of types with invalid bit patterns
2. BytesIter::read advances iterators out of bounds
3. The BytesIter trait has safety invariants but is public and not marked unsafe
4. write_float calls MaybeUninit::assume_init ...

AI score 7.2
Exploits 0 · Affected Software 1

Tenable Nessus
added 2023/08/09 12:0 a.m. · 45 views

AlmaLinux 8 : curl (ALSA-2023:4523)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:4523 advisory. - An authentication bypass vulnerability exists in libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with...

CVSS 5.9 · AI score 6.5 · EPSS 0.00297
Exploits 2 · References 3

Tenable Nessus
added 2023/08/08 12:0 a.m. · 20 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-2608)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as 'Subjec...

CVSS 5.9 · AI score 6.5 · EPSS 0.00631
Exploits 2 · References 3

Tenable Nessus
added 2023/08/08 12:0 a.m. · 34 views

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-2578)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as 'Subjec...

CVSS 5.9 · AI score 6.5 · EPSS 0.00631
Exploits 2 · References 3

Tenable Nessus
added 2023/07/18 12:0 a.m. · 30 views

EulerOS 2.0 SP10 : curl (EulerOS-SA-2023-2350)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as 'Subjec...

CVSS 5.9 · AI score 6.5 · EPSS 0.00631
Exploits 2 · References 3

Qualys Blog
added 2023/07/11 2:1 p.m. · 42 views

Part 1: An In-Depth Look at the Latest Vulnerability Threat Landscape

The number of vulnerabilities is steadily increasing over the years, as evidenced by the 206,000 vulnerabilities reported and still counting in the National Vulnerability Database (NVD). With each subsequent year, this trend has persisted since 2016, surpassing the previous vulnerability count. In...

CVSS 9.3 · AI score 9.7 · EPSS 0.02275
Exploits 2

IBM Security Bulletins
added 2023/07/03 4:27 p.m. · 14 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server April 2023 CPU that is bundled with IBM WebSphere Application Server Patterns

Summary: IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM® Java SDK...

AI score 6.9
Exploits 0 · Affected Software 1

The Hacker News
added 2023/06/22 11:10 a.m. · 3 views

Unveiling the Unseen: Identifying Data Exfiltration with Machine Learning

Why Data Exfiltration Detection is Paramount? The world is witnessing an exponential rise in ransomware and data theft employed to extort companies. At the same time, the industry faces numerous critical vulnerabilities in database software and company websites. This evolution paints a dire pictu...

AI score 6.9
Exploits 0

IBM Security Bulletins
added 2023/06/20 7:1 p.m. · 17 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server January 2023 CPU that is bundled with IBM WebSphere Application Server Patterns

Summary: IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM® Java SDK...

AI score 6.9
Exploits 0 · Affected Software 1

The Hacker News
added 2023/06/15 11:58 a.m. · 32 views

New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT

The revolutionary technology of GenAI tools, such as ChatGPT, has brought significant risks to organizations' sensitive data. But what do we really know about this risk? A new research by Browser Security company LayerX sheds light on the scope and nature of these risks. The report titled...

AI score 6.7
Exploits 0

Veracode
added 2023/06/06 4:56 p.m. · 37 views

Improper Certificate Validation

curl is vulnerable to Improper Certificate Validation. The vulnerability allows matching of wildcard patterns when listed as 'Subject Alternative Name' in TLS server certificates and could result in accepting patterns that otherwise should be mismatched...

CVSS 5.9 · AI score 6.8 · EPSS 0.00297
Exploits 1 · References 19 · Affected Software 2

Code423n4
added 2023/06/02 12:0 a.m. · 8 views

Borrower can reject receiving ETH thus prevent lender from calling withdrawEthWithInterest()

Impact: The withdrawEthWithInterest function transfers ETH with interest back to the lender in case the loan is insolvent or the auction has concluded. It also transfers PnL to the borrower. However, if the borrower is a smart contract and rejects receiving ETH,...

AI score 6.8
Exploits 0

NVD
added 2023/05/26 9:15 p.m. · 17 views

CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

CVSS 5.9 · AI score 6.7 · EPSS 0.00297
Exploits 1 · References 12

Cvelist
added 2023/05/26 12:0 a.m. · 33 views

CVE-2023-28321

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

AI score 6.3 · EPSS 0.00297
Exploits 1 · References 12

CVE
added 2023/05/26 12:0 a.m. · 295 views

CVE-2023-28321

CVE-2023-28321 affects curl before 8.1.0, where a private wildcard matching function used for TLS SAN wildcard patterns can mis-match IDN hostnames. IDNs are punycode-encoded (starting with xn--), but the curl wildcard check could still accept patterns like x* that should not match, potentially a...

CVSS 5.9 · AI score 6.2 · EPSS 0.00297
Exploits 1 · References 12 · Affected Software 1