CVE-2023-38572
CVE-2023-38572 concerns WebKitGTK/WebKit components where a website may bypass the Same Origin Policy. The CVE is addressed with updated checks and is fixed in multiple Apple platforms: iOS 15.7.8 and iPadOS 15.7.8; iOS 16.6 and iPadOS 16.6; tvOS 16.6; macOS Ventura 13.5; Safari 16.6; watchOS 9.6...
CVE-2023-38572
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy...
A vulnerability in the microcode of AMD CPUs based on the Zen2 microarchitecture allows an attacker to access the contents of registers during other processes executed on the same CPU core.
The vulnerability in the microcode of AMD CPUs based on the Zen2 microarchitecture is a use of memory after it is freed. Exploiting this vulnerability could allow an attacker to observe the contents of registers during other processes executed by the same CPU core...
Apple Safari Security Updates (HT213847)
Apple Safari is prone to multiple vulnerabilities...
Apple Safari Security Vulnerability
Apple Safari is a web browser from Apple Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in Apple Safari versions prior to 16.6. An attacker exploiting this vulnerability is able to bypass the same-origin policy...
PT-2023-4262 · Apple +8 · Macos Ventura +14
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.7.8; iPadOS versions prior to 15.7.8; iOS versions prior to 16.6; iPadOS versions prior to 16.6; tvOS versions prior to 16.6; macOS Ventura versions prior to 13.5; Safari versions prior to 16.6; watchOS versions prior to 9.6...
Ubuntu: Security Advisory (USN-6232-1)
The remote host is missing an update for the ...
USN-6232-1: wkhtmltopdf vulnerability
It was discovered that wkhtmltopdf was not properly enforcing the same-origin policy when processing certain HTML files. If a user or automated system using wkhtmltopdf were tricked into processing a specially crafted HTML file, an attacker could possibly use this issue to expose sensitive...
CVE-2023-1672
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...
AZL-27405 CVE-2023-1672 affecting package tang for versions less than 14-1
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host...
Tang Race Condition Vulnerability
Tang is an open source server from latchset that binds data to the web. Tang is affected by a security vulnerability caused by a race condition in key generation and key rotation, which can allow other processes on the same host to read the private key within a short...
PT-2023-33025 · Npm +1 · Cookie-Session +1
Name of the Vulnerable Software and Affected Versions: Vendure affected versions not specified Description: The issue concerns the default cookie settings in Vendure, an e-commerce GraphQL framework, which are insecure due to the SameSite setting being false by default. This setting originates fr...
CVE-2023-30674
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows an attacker to bypass the SameSite cookie...
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state
Impact: All versions of @fastify/oauth2 used a state parameter generated statically at startup time, which was then reused across all requests for all users. The purpose of the OAuth2 state parameter is to prevent Cross-Site Request Forgery attacks. As such, it should be unique per user and should be...
CVE-2023-31999
All versions of @fastify/oauth2 used a state parameter generated statically at startup time, which was then reused across all requests for all users. The purpose of the OAuth2 state parameter is to prevent Cross-Site Request Forgery attacks. As such, it should be unique per user and should be connected to...
CVE-2023-2625
A vulnerability exists that can be exploited by an authenticated client connected to the same network segment as the CoreTec 4, with any level of access from VIEWER to ADMIN. To exploit the vulnerability, the attacker can inject shell commands through a particular field of the web user...
PT-2023-20563 · Coretec 4 · Coretec 4
Name of the Vulnerable Software and Affected Versions: CoreTec 4 affected versions not specified Description: A vulnerability exists that can be exploited by an authenticated client connected to the same network segment as the system, with any level of access from VIEWER to ADMIN. The attacker ca...
CVE-2023-27716
An issue was discovered in freakchicken kafkaUI-lite 1.2.11 that allows attackers on the same network to gain escalated privileges for the nodes running on it...