Description:
Impact
This is not a vulnerability in the code per se, but the platform.sh Varnish VCL templates and the Apache/Nginx vhost templates shipped with this package enable HTTP compression for API and JSON responses. That exposes them to BREACH, a side channel in HTTP compression: when a compressed response carries both a secret (a session identifier or CSRF token, for example) and attacker-controlled input, the compressed length reveals how much of the input matched the secret, so an attacker who can inject input and observe response sizes can recover the secret byte by byte with carefully crafted requests. The fix disables compression in these templates. If you have copied these templates into your own configuration, make the same change there; the release notes give specific instructions.
Patches
See "Patched versions".
v1.0: https://github.com/ibexa/post-install/commit/d91cc02623dd3263a99a94ace133c95e48909e5d
v4.6: https://github.com/ibexa/post-install/commit/ae7c3c2081a862c75b90828f08bd74436ceb8fe8
Workarounds
Disable HTTP compression for REST API traffic and for any other response that may carry secrets (session identifiers, CSRF tokens, API keys), especially where the response also reflects request input.
References
Advisory: https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates
Release notes v3.3: https://doc.ibexa.co/en/latest/update_and_migration/from_3.3/update_from_3.3/#v3341
Release notes v4.6: https://doc.ibexa.co/en/latest/update_and_migration/from_4.6/update_from_4.6/#v4614
https://github.com/ezsystems/ezplatform-http-cache/security/advisories/GHSA-mgfg-7533-7jf6
https://github.com/ibexa/http-cache/security/advisories/GHSA-fh7v-q458-7vmw
https://www.breachattack.com/
December 3rd, 2024
Description: Bologna Football Club 1909 has confirmed it suffered a ransomware attack after its stolen data was leaked online by the RansomHub extortion group. [...]
November 29th, 2024
Description: Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach. [...]
November 27th, 2024
Description: T-Mobile says the Chinese "Salt Typhoon" hackers who recently compromised its systems as part of a series of telecom breaches first hacked into some of its routers to explore ways to navigate laterally through the network. [...]
November 27th, 2024