Security vulnerability
-
Emergency notification: high-risk remote code execution vulnerability in Apache Struts2 - upgrade immediately
The Apache Struts code execution vulnerability (CVE-2023-50164) allows attackers to manipulate file upload parameters to perform path traversal, and in some cases to upload malicious files and execute arbitrary code.
-
Apache OFBiz XML-RPC remote code execution vulnerability (CVE-2023-49070)
Apache OFBiz is an open source product for enterprise process automation. It includes framework components and business applications for ERP, CRM, e-commerce, supply chain management and manufacturing resource planning. There is a remote code execution vulnerability in Apache OFBiz before version 18.12.10. Because XML-RPC is no longer maintained, an authenticated attacker can use XML-RPC to execute code remotely and take control of the server.
-
HTTP/2 zero-day vulnerability (CVE-2023-44487) triggered the largest denial of service attack in history
Recently, Google announced the HTTP/2 protocol vulnerability CVE-2023-44487.
Attackers can use this vulnerability to launch low-cost, very large-scale attacks (HTTP/2 Rapid Reset DDoS attack). Attackers used this method to launch attacks on Google Cloud Platform customers starting in August. In one attack, the attacker issued up to 398 million requests in 1 second, which is also the highest number of requests per second on record.
-
[Early Warning] Serious security vulnerabilities exposed in curl and libcurl libraries
Description: cURL is a widely used multi-functional open source command line tool that uses URL syntax to transmit data and supports a variety of network protocols including SSL, TLS, HTTP, FTP, and SMTP. libcurl is…