Intel Details CPU ‘Virtual Fences’ Fix As Safeguard Against Spectre, Meltdown Flaws

Intel introduced hardware-based protections to its new chips to protect against the Spectre and Meltdown flaws that rocked the silicon industry when the vulnerabilities were made public in early 2018. Spectre and Meltdown, which account for three variants of a side-channel analysis security issue...

In-Spectre-Meltdown - Tool to identify Meltdown & Spectre Vulnerabilities in processors

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 Meltdown and CVE-2017-5715 Spectre allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways ...

Updated python-rope packages fix security vulnerabilities

The python-rope utility has been caught passing remotely supplied data to pickle.load, enabling possible code-execution attacks. This can happen when the 'performdoa' dynamic object analysis option is enabled, which it previously had been by default. This update changes the default configuration ...

LiveZilla 5.0.1.4 - Remote Code Execution

LiveZilla 5.0.1.4 - Remote Code Execution CVE-2013-6225: Security Advisory – Curesec Research Team 1. Introduction Advisory ID: Cure-2013-1007 Advisory URL: https://www.curesec.com/de/veroeffentlichungen /advisories.html Blog URL: https://cureblog.de/2013/11/remote-code-execution-in-livezilla/...

CVE-2002-0738

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by 1 splitting the SCRIPT tag into smaller pieces, 2 including the script in a SRC argument to an IMG tag, or 3 using "&=script" syntax...