Multiple HTTP/2 implementations are vulnerable to denial-of-service attacks

Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. Netflix discovered several resource exhaustion vectors affecting a

Read more

OceanLotus Targeting ASEAN Events And Members

Telsy published a blog post analyzing what they believe to be OceanLotus attacks targeting the Association of Southeast Asian Nations

Read more

Envoy Normalized HTTP URL Paths Access Control Bypass Vulnerability [CVE-2019-9901]

CVE Number – CVE-2019-9901 A vulnerability in Envoy could allow an unauthenticated, remote attacker to bypass security restrictions and conduct

Read more

GNOME WebKitGTK Configured HTTP Proxy Settings Vulnerability [CVE-2019-11070]

CVE Number – CVE-2019-11070 A vulnerability in GNOME WebKitGTK could allow an unauthenticated, remote attacker to conduct a deanonymization attack

Read more

Gradle Insecure HTTP URLs Man-in-the-Middle Attack Vulnerability [CVE-2019-11065]

CVE Number – CVE-2019-11065 A vulnerability in Gradle could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack on

Read more

PowerDNS Authoritative Server HTTP Request Input Validation Vulnerability [CVE-2019-3871]

CVE Number – CVE-2019-3871 A vulnerability in PowerDNS Authoritative Server could allow an authenticated, remote attacker to cause a denial

Read more

Shellinabox shellinaboxd Multipart/Form-data HTTP Request Denial of Service Vulnerability [CVE-2018-16789]

CVE Number – CVE-2018-16789 A vulnerability in the shellinaboxd component of Shellinabox could allow an unauthenticated, remote attacker to cause

Read more

Keepalived HTTP Status Codes Parsing Heap-Based Buffer Overflow Vulnerability [CVE-2018-19115 ]

CVE Number – CVE-2018-19115 A vulnerability in the extract_status_code() function of Keepalived could allow an unauthenticated, remote attacker to cause a denial of

Read more

From Today Google Chrome Will Label All HTTP Sites As ‘Not Secure’

The latest version of Chrome (version 68) will now mark all HTTP sites as “not secure.” Up to this point,

Read more

Browser Non-HTTPS Website Warning

Google have announced (details here) that all HTTP sites will be marked as insecure in version 68 of their Chrome

Read more
%d bloggers like this: