CVE-2026-44575

Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16 and 16.2.5, App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route variants used for segment...

$Ρ$Hammer: Reviving RowHammer Attacks on New Architectures Via Prefetching

Rowhammer is a critical vulnerability in dynamic random access memory DRAM that continues to pose a significant threat to various systems. However, we find that conventional load-based attacks are becoming highly ineffective on the most recent architectures such as Intel Alder and Raptor Lake. In...

EUVD-2010-0495

Malware in sbrugna...

EUVD-2009-4595

Malware in sbrugna...

EUVD-2009-4594

Malware in sbrugna...

EUVD-2010-3792

Malware in sbrugna...

EUVD-2010-3808

Malware in sbrugna...

EUVD-2010-0494

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2010-3829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching...

CVE-2024-53098

CVE-2024-53098 affects the Linux kernel DRM XE ufence path. The root cause is that access_ok() only checks for addr overflow and may also read the user-supplied address to catch invalid addresses, coupled with prefetching ufence addresses to detect bogus ones. The issue is remedied by a kernel fi...

Mozilla Firefox and Thunderbird Information Disclosure Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. Mozilla Firefox and Thunderbird have an information disclosure vulnerability that is caused by a CSP violation...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. Mozilla Firefox and Thunderbird have an information disclosure vulnerability that is caused by a CSP violation...

SUSE CVE-2009-4630

Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the...

SUSE CVE-2009-4629

Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APPTYPEMAIL or APPTYPEEDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as...

SUSE CVE-2010-0463

Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests...

SUSE CVE-2010-3813

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2023-1156)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-3204

A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for...

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its...

Access Restrictions Bypass

WebKitGTK+ is vulnerable to access restriction bypass. The attack exists because of a flaw found in the way WebKit handled DNS prefetching. Even when it was disabled, web content containing certain "link" elements could cause WebKitGTK+ to perform DNS prefetching...