CVE-2023-43041

IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808...

Spectre-v2 Domain Isolation

AMD ID: AMD-SB-7034 Potential Impact: N/A Severity: N/A Summary Researchers from VU Amsterdam have shared with AMD a paper exploring the effectiveness of domain isolation against Spectre-v2 type attacks. AMD believes the techniques described by the researchers are not applicable to AMD products...

Google Go 安全漏洞

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from credentials provided through the new GOAUTH feature not being properly segmented by domain, allowing malicious...

Xen Security Vulnerabilities

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. A security vulnerability exists in Xen 4....

SUSE CVE-2007-6207

Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for movtorr, which allows a VTi domain to read memory of other domains...

SUSE CVE-2009-1691

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript...

SUSE CVE-2017-12855

Xen maintains the GTFread,writing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the...

Flash cross-domain data hijacking vulnerability,a large wave of site affected-vulnerability warning-the black bar safety net

0×0 1，Background Many of the uploaded file to the back-end logic in the realization, only validate the file extension and Content-Type, not uploading the contents of the file for verification. Typically such processing logic is simply not rigorous, will not cause too much of a security risk. But...

Qubes OS Release Enhances Security Via Domain Isolation

With the deluge of malware and advanced attacks continuing unabated, security approaches that sandbox applications or isolate processes are garnering increased attention. Researcher Joanna Rutkowska and Invisible Things Lab were the latest to go in that direction with the official release on...

CVE-2010-0716

layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files aka attachments, which allows remote authenticated users to leverage same-origin relationships and...

CVE-2010-0716

layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files aka attachments, which allows remote authenticated users to leverage same-origin relationships and...