4 matches found
EUVD-2026-36541
Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2...
Step CA Has Authorization Bypass in ACME and SCEP Provisioners
Summary A security fix is now available for Step CA that resolves a vulnerability affecting deployments configured with ACME and/or SCEP provisioners. All operators running these provisioners should upgrade to the latest release v0.29.0 immediately. The issue was discovered and disclosed by a...
Apache Brooklyn vulnerable to cross-site scripting
Overview Apache Brooklyn is a framework for modeling, monitoring, and managing applications. Apache Brooklyn contains cross-site scripting vulnerabilities. It is known that proof-of-concept code to exploit these vulnerabilties exist. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc...
PT-2016-4587 · Openssl · Rust-Openssl
Name of the Vulnerable Software and Affected Versions: rust-openssl versions prior to 0.9.0 Description: The issue is related to SSL/TLS man-in-the-middle attacks due to insecure defaults in the openssl crate for Rust. Specifically, certificate verification is off by default, and there is no API...