8307 matches found

RedHat Linux
added 2023/11/07 8:48 a.m. · 2 views

webkitgtk: bypass Same Origin Policy

A flaw was found in WebKitGTK. This flaw exists due to an error when handling the Same Origin Policy. A remote attacker can bypass Same Origin Policy restrictions...

CVSS 7.5 · AI score 5.8 · EPSS 0.00567
Exploits: 0 · References: 5

RedHat Linux
added 2023/11/07 8:48 a.m. · 5 views

webkitgtk: Same Origin Policy bypass via crafted web content

A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may bypass the same-origin Policy...

CVSS 5.5 · AI score 5.7 · EPSS 0.0001
Exploits: 0 · References: 5

AlmaLinux
added 2023/11/07 12:0 a.m. · 63 views

Important: webkit2gtk3 security and bug fix update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: arbitrary code execution (CVE-2023-32393); webkitgtk: bypass Same Origin Policy (CVE-2023-38572); webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-38592)...

CVSS 9.8 · AI score 8.2 · EPSS 0.01449
Exploits: 0 · References: 38

OSV
added 2023/11/07 12:0 a.m. · 46 views

ALSA-2023:6535 Important: webkit2gtk3 security and bug fix update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: arbitrary code execution (CVE-2023-32393); webkitgtk: bypass Same Origin Policy (CVE-2023-38572); webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-38592)...

CVSS 9.8 · AI score 8.7 · EPSS 0.01449
Exploits: 0 · References: 38

OSV
added 2023/11/01 6:15 p.m. · 2 views

CVE-2023-5766

A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another Windows user session on the same host via a specially crafted TCP packet...

CVSS 9.8 · AI score 6.4 · EPSS 0.01106
Exploits: 0 · References: 1

Tenable Nessus
added 2023/10/21 12:0 a.m. · 32 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox vulnerabilities (USN-3896-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3896-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacke...

CVSS 8.8 · AI score 7.7 · EPSS 0.02397
Exploits: 0 · References: 4

Schneier on Security
added 2023/10/16 11:6 a.m. · 12 views

Coin Flips Are Biased

Experimental result: Many people have flipped coins but few have stopped to ponder the statistical and physical intricacies of the process. In a preregistered study we collected 350,757 coin flips to test the counterintuitive prediction from a physics model of human coin tossing developed by Pers...

AI score 6.7
Exploits: 0

OSV
added 2023/10/10 5:15 p.m. · 1 views

CVE-2023-36556

An incorrect authorization vulnerability (CWE-863) in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to log in to other users' accounts from the same web domain via crafted HTTP or HTTPS requests...

CVSS 8.8 · AI score 5.8
Exploits: 0 · References: 1

RedHat Linux
added 2023/10/10 3:37 p.m. · 2 views

kernel: Spectre v2 SMT mitigations problem

It was found that the Linux Kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The kernel failed to protect applications that attempted to protect against Spectre v2 leaving them open to attack from other processes...

CVSS 5.6 · AI score 6.6 · EPSS 0.00113
Exploits: 3 · References: 5

RedHat Linux
added 2023/10/10 3:27 p.m. · 4 views

kernel: Spectre v2 SMT mitigations problem

It was found that the Linux Kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The kernel failed to protect applications that attempted to protect against Spectre v2 leaving them open to attack from other processes...

CVSS 5.6 · AI score 6.6 · EPSS 0.00113
Exploits: 3 · References: 5

CNNVD
added 2023/10/10 12:0 a.m. · 3 views

Fortinet FortiMail Security Vulnerability

Fortinet FortiMail is a set of e-mail security gateway products from the U.S. company Fortinet. The product provides email security and data protection features. A security vulnerability exists in Fortinet FortiMail that stems from an incorrect authorization vulnerability that allows an authenticated...

CVSS 8.8 · AI score 6.6 · EPSS 0.00415
Exploits: 0 · References: 3

CNNVD
added 2023/10/09 12:0 a.m. · 1 views

Micronaut Security Access Control Error Vulnerability

Micronaut Security is an open source application security solution for the Micronaut Framework. Micronaut Security versions 3.11.0 to 3.11.1, 3.10.0 to 3.10.2, 3.9.0 to 3.9.6, 3.8.0 to 3.8.4, 3.7.0 to 3.7.4, 3.6.0 to 3.6.6, 3.5.0 to 3.5.3, 3.4.0 to 3.4.3. An access control error vulnerability exists...

CVSS 6.5 · AI score 6.7 · EPSS 0.00478
Exploits: 1 · References: 3

OSV
added 2023/10/05 8:55 p.m. · 0 views

GHSA-QW22-8W9R-864H io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud

Summary: IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Details: See https://github.com/micronaut-projects/micronaut-security/blob/master/security-oauth2/src/main/java/io/micronaut/security/oauth2/client/IdTokenClaimsValidator.java#L202 This...

CVSS 6.5 · AI score 5.8 · EPSS 0.00478
Exploits: 1 · References: 5

Positive Technologies
added 2023/10/05 12:0 a.m. · 2 views

PT-2023-25712 · Micronaut · Micronaut Security

Name of the Vulnerable Software and Affected Versions: Micronaut Security versions prior to 3.1.2; Micronaut Security versions prior to 3.2.4; Micronaut Security versions prior to 3.3.2; Micronaut Security versions prior to 3.4.3; Micronaut Security versions prior to 3.5.3; Micronaut Security versions...

CVSS 6.5 · AI score 6.4 · EPSS 0.00478
Exploits: 1 · References: 8

Amazon
added 2023/10/05 12:0 a.m. · 43 views

Important: webkitgtk4

Issue Overview: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. CVE-2023-28198 A logic issue was addressed with improved validation. This issue i...

CVSS 9.8 · AI score 7.9 · EPSS 0.01449
Exploits: 0

Tenable Nessus
added 2023/10/05 12:0 a.m. · 36 views

Amazon Linux 2 : webkitgtk4 (ALAS-2023-2270)

The version of webkitgtk4 installed on the remote host is prior to 2.40.5-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2270 advisory. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4,...

CVSS 9.8 · AI score 7.6 · EPSS 0.01449
Exploits: 0 · References: 28

Citrix
added 2023/09/28 12:0 a.m. · 5 views

document.domain deprecation on Chrome 115

Issue with the HTTP response if the page relies on document.domain. Relaxing the same-origin policy by setting document.domain is deprecated and will be disabled by default...

AI score 7.1
Exploits: 0

Prion
added 2023/09/27 3:18 p.m. · 22 views

Authorization

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information...

CVSS 5.8 · AI score 9.1 · EPSS 0.00075
Exploits: 0 · References: 1 · Affected Software: 1

The Hacker News
added 2023/09/27 12:55 p.m. · 45 views

Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data

A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPUs) vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a group...

AI score 6.4
Exploits: 0

Tenable Nessus
added 2023/09/27 12:0 a.m. · 29 views

Amazon Linux 2 : firefox (ALASFIREFOX-2023-002)

The version of firefox installed on the remote host is prior to 102.14.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-002 advisory. Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data fr...

CVSS 9.8 · AI score 8.3 · EPSS 0.03618
Exploits: 1 · References: 18