537 matches found
GHSA-CG23-QF8F-62RR
creationtimestamp| type| source ---|---|--- 2024-11-13 16:20:12+00:00| seen| https://infosec.exchange/users/cve/statuses/113476554727172279...
State Injection Into Hardware Prefetchers
Bulletin ID: AMD-SB-7023 Potential Impact: Data leakage via Side Channels Severity: N/A Summary A research paper titled ‘ ShadowLoad: Injecting State into Hardware Prefetchers ’ was provided to AMD in February 2024. The paper discusses the possibility for prefetchers to be used to inject cache...
What Google's U-Turn on Third-Party Cookies Means for Chrome Privacy
Earlier this year, Google ditched its plans to abolish support for third-party cookies in its Chrome browser. While privacy advocates called foul, the implications for users is not so clear cut...
BIT-GITLAB-2023-3441 Exposure of Sensitive Information Due to Incompatible Policies in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches...
GHSA-4F8R-QQR9-FQ8J Incorrect delegation lookups can make go-tuf download the wrong artifact
During the ongoing work on the TUF conformance test suite, we have come across a test that reveals what we believe is a bug in go-tuf with security implications. The bug exists in go-tuf delegation tracing and could result in downloading the wrong artifact. We have come across this issue in the...
Incorrect delegation lookups can make go-tuf download the wrong artifact
During the ongoing work on the TUF conformance test suite, we have come across a test that reveals what we believe is a bug in go-tuf with security implications. The bug exists in go-tuf delegation tracing and could result in downloading the wrong artifact. We have come across this issue in the...
CVE-2023-3441 Exposure of Sensitive Information Due to Incompatible Policies in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches...
CVE-2023-3441
CVE-2023-3441 details (from provided documents): GitLab EE/CE versions 8.0 through 16.3/16.4 are affected by an issue where the product did not sufficiently warn about the security implications of granting merge rights to protected branches. Root cause described as inadequate warning/messaging; s...
CVE-2023-3441 Exposure of Sensitive Information Due to Incompatible Policies in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches...
CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs
Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...
CVE-2024-47061
The CVE-2024-47061 issue affects Plate editors using @udecode/plate-core, where arbitrary DOM attributes can be injected via nodeProps (often from the attributes property), enabling cross-site scripting (XSS) and potential information exposure (e.g., user IPs and whether a malicious document is o...
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes
Impact One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the node component using the nodeProps prop. Note: The attributes prop that is typically rendered alongside nodeProps is...
CVE-2024-45410
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...
CVE-2024-45410
Traefik vulnerability CVE-2024-45410 involves hop-by-hop header handling where X-Forwarded-Host/X-Forwarded-Port (and related headers) could be modified by a client in HTTP/1.1, enabling header manipulation that trusted backend apps may rely on for security decisions. The issue arises from how Tr...
CVE-2024-45410 HTTP client can remove the X-Forwarded headers in Traefik
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...
CVE-2024-45410 HTTP client can remove the X-Forwarded headers in Traefik
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...
CVE-2024-45410
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...
CVE-2024-45410 HTTP client can remove the X-Forwarded headers in Traefik
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...
CVE-2024-45410
A flaw was found in Traefik. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since t...
CVE-2022-48895
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". He suggests he got "lucky" and just hit the correct spot for the reboot while ther...