Vulnerabilities (Page 8)

HTTP/2 Rapid Reset Attack [CVE-2023-44487]

Rapid Reset is a Denial of Service (DOS) attack that abuses the HTTP/2 RST_STREAM frames functionality.Where HTTP/1.1 is text-based with the more familiar header/body messages, HTTP/2 uses binary multiplexed streams, where frames are sent back and forth consisting of data and flow-control frames…


Attacking AWS Cognito with Pacu

A two-part blog series by Rhino Security Labs that talks about common issues seen in deployments using AWS Cognito, and how they automated testing and attacking of said issues.AWS Cognito is a front-end solution by AWS for user auth and authorization, typically used for web and mobile apps…


Local Privilege Escalation in the glibc's

A buffer overflow vulnerability was introduced in a 2021 patch to glibc’s dynamic loader when processing GLIBC_TUNABLES environment variables.Tunables are basically configuration settings of the runtime that can be set via key/value pairs in the form of key=val