Lucene search

8439 matches found

RedHat Linux
added 2023/10/10 3:37 p.m. · 2 views

kernel: Spectre v2 SMT mitigations problem

It was found that the Linux Kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The kernel failed to protect applications that attempted to protect against Spectre v2 leaving them open to attack from other processes...

CVSS 5.6 · AI score 6.6 · EPSS 0.01377
Exploits: 3 · References: 5

RedHat Linux
added 2023/10/10 3:27 p.m. · 4 views

kernel: Spectre v2 SMT mitigations problem

It was found that the Linux Kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The kernel failed to protect applications that attempted to protect against Spectre v2 leaving them open to attack from other processes...

CVSS 5.6 · AI score 6.6 · EPSS 0.01377
Exploits: 3 · References: 5

CNNVD
added 2023/10/10 12:0 a.m. · 4 views

Fortinet FortiMail Security Vulnerability

Fortinet FortiMail is a set of e-mail security gateway products from the U.S. company Fortinet. The product provides email security and data protection features. A security vulnerability exists in Fortinet FortiMail that stems from an incorrect authorization vulnerability that allows an authenticated...

CVSS 8.8 · AI score 6.6 · EPSS 0.00838
Exploits: 0 · References: 3

CNNVD
added 2023/10/09 12:0 a.m. · 2 views

Micronaut Security Access Control Error Vulnerability

Micronaut Security is a Micronaut Framework open source application security solution. Micronaut Security versions 3.11.0 to 3.11.1, 3.10.0 to 3.10.2, 3.9.0 to 3.9.6, 3.8.0 to 3.8.4, 3.7.0 to 3.7.4, 3.6.0 to 3.6.6, 3.5.0 to 3.5.3, 3.4.0 to 3.4.3 An access control error vulnerability exists...

CVSS 6.5 · AI score 6.7 · EPSS 0.0045
Exploits: 1 · References: 3

OSV
added 2023/10/05 8:55 p.m. · 2 views

GHSA-QW22-8W9R-864H io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud

Summary: IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Details: See https://github.com/micronaut-projects/micronaut-security/blob/master/security-oauth2/src/main/java/io/micronaut/security/oauth2/client/IdTokenClaimsValidator.java#L202 This...

CVSS 6.5 · AI score 5.8 · EPSS 0.0045
Exploits: 1 · References: 5

Tenable Nessus
added 2023/10/05 12:0 a.m. · 39 views

Amazon Linux 2 : webkitgtk4 (ALAS-2023-2270)

The version of webkitgtk4 installed on the remote host is prior to 2.40.5-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2270 advisory. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4,...

CVSS 9.8 · AI score 7.6 · EPSS 0.01356
Exploits: 0 · References: 28

Amazon
added 2023/10/05 12:0 a.m. · 44 views

Important: webkitgtk4

Issue Overview: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. CVE-2023-28198 A logic issue was addressed with improved validation. This issue i...

CVSS 9.8 · AI score 7.9 · EPSS 0.01356
Exploits: 0

Positive Technologies
added 2023/10/05 12:0 a.m. · 4 views

PT-2023-25712 · Micronaut · Micronaut Security

Name of the Vulnerable Software and Affected Versions: Micronaut Security versions prior to 3.1.2; Micronaut Security versions prior to 3.2.4; Micronaut Security versions prior to 3.3.2; Micronaut Security versions prior to 3.4.3; Micronaut Security versions prior to 3.5.3; Micronaut Security versions...

CVSS 6.5 · AI score 6.4 · EPSS 0.0045
Exploits: 1 · References: 8

Citrix
added 2023/09/28 12:0 a.m. · 5 views

document.domain deprecation on Chrome 115

Issue with HTTP response if the page is reliant on document.domain. Same-origin policy by setting document.domain is deprecated, and will be disabled by default...

AI score 7.1
Exploits: 0

Prion
added 2023/09/27 3:18 p.m. · 22 views

Authorization

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information...

CVSS 5.8 · AI score 9.1 · EPSS 0.00335
Exploits: 0 · References: 1 · Affected Software: 1

The Hacker News
added 2023/09/27 12:55 p.m. · 46 views

Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data

A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a group...

AI score 6.4
Exploits: 0

Tenable Nessus
added 2023/09/27 12:0 a.m. · 30 views

Amazon Linux 2 : firefox (ALASFIREFOX-2023-002)

The version of firefox installed on the remote host is prior to 102.14.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-002 advisory. Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data fr...

CVSS 9.8 · AI score 8.3 · EPSS 0.13694
Exploits: 1 · References: 18

Cvelist
added 2023/09/26 1:35 p.m. · 31 views

CVE-2023-28055

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information...

CVSS 8.8 · AI score 9.5 · EPSS 0.00335
Exploits: 0 · References: 1

OSV
added 2023/09/22 11:5 a.m. · 4 views

OESA-2023-1671 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: An attacke...

CVSS 9.8 · AI score 9.8 · EPSS 0.13694
Exploits: 1 · References: 15

CNNVD
added 2023/09/20 12:0 a.m. · 4 views

NVIDIA GeForce Now Security Vulnerability

NVIDIA GeForce Now is an open cloud gaming platform from NVIDIA, USA. A security vulnerability exists in NVIDIA GeForce that stems from a flaw in the game launcher component, where a malicious application on the same device can handle the...

CVSS 4.8 · AI score 6.8 · EPSS 0.0013
Exploits: 0 · References: 2

OSV
added 2023/09/11 9:15 p.m. · 5 views

CVE-2023-35675

In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User...

CVSS 5.5 · AI score 5.9 · EPSS 0.00105
Exploits: 0 · References: 2

Positive Technologies
added 2023/09/11 12:0 a.m. · 6 views

PT-2023-25260 · Google · Android

Name of the Vulnerable Software and Affected Versions: MediaResumeListener.kt (affected versions not specified). Description: The issue is caused by a logic error in the code of MediaResumeListener.kt, specifically in the loadMediaResumptionControls function. This error allows media files played by...

CVSS 5.5 · AI score 5.1 · EPSS 0.00105
Exploits: 0 · References: 7

Openbugbounty
added 2023/09/08 12:21 a.m. · 10 views

same-word.com Cross Site Scripting vulnerability OBB-3655313

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.1
Exploits: 0

RedhatCVE
added 2023/09/05 3:13 p.m. · 31 views

CVE-2023-27932

A vulnerability was found in WebKitGTK. This security issue occurs when processing maliciously crafted web content that may bypass the same-origin policy. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criter...

CVSS 5.5 · AI score 7.1 · EPSS 0.00202
Exploits: 0 · References: 4

Citrix
added 2023/09/04 12:0 a.m. · 6 views

Noticing exceptionally high current client connections for a single server within the service group

Go check Load Balance Virtual Server's Statistics data, under the Bound Service Group Members Summary tab, you've observed that the Current client connection count of specific server is significantly higher than the other servers within the same service group. In NS shell mode, "nsconmsg ConLb=2...

AI score 7.3
Exploits: 0