
8436 matches found

ATTACKERKB
added 2023/06/06 8:15 p.m. | 3 views

CVE-2023-33684

Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 Apr 19 2021 Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT protocol...

5.7 CVSS | 6.2 AI score | 0.00343 EPSS
Exploits: 1 | References: 2
Citrix
added 2023/06/06 12:0 a.m. | 9 views

UPM Profile Gets Corrupt If Users With Same SAM Account Name In Different Domains Login

UPM profile gets corrupt if users with same SAM Account name in different domains login to the same VDA. Issue is seen with 1912 LTSR CU5 and above and 2203 LTSR CU1 and above. USER1.DomainA.com logs on a VDA and then User1.DomainB.com logs on the same VDA then the local profile of user1.Domain A...

6.8 AI score
Exploits: 0
RedHat Linux
added 2023/06/05 11:46 a.m. | 3 views

curl: HSTS ignored on multiple requests

A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity...

9.1 CVSS | 6.8 AI score | 0.00858 EPSS
Exploits: 1 | References: 5
OSV
added 2023/06/02 5:15 p.m. | 3 views

CVE-2023-29547

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for...

6.5 CVSS | 7 AI score
Exploits: 0 | References: 2
ATTACKERKB
added 2023/06/02 5:15 p.m. | 2 views

CVE-2023-29547

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for...

6.5 CVSS | 6.8 AI score | 0.00469 EPSS
Exploits: 0 | References: 3
OSV
added 2023/06/02 5:15 p.m. | 1 view

DEBIAN-CVE-2023-23601

Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab, which could lead to website spoofing attacks. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

6.5 CVSS | 6.7 AI score | 0.00347 EPSS
Exploits: 0 | References: 1
BDU FSTEC
added 2023/05/29 12:0 a.m. | 6 views

The vulnerability of the libcurl library, related to errors in sending HTTP POST and PUT requests using the same descriptor, allows an attacker to gain unauthorized access to protected information.

The vulnerability of the libcurl library is related to errors during the sending of HTTP requests using POST and PUT methods, where the same descriptor is used. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

7.8 CVSS | 6.5 AI score | 0.02211 EPSS
Exploits: 1 | References: 21 | Affected Software: 15
CNNVD
added 2023/05/27 12:0 a.m. | 28 views

Nextcloud Code Issue Vulnerability

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Mail that originates from an SSRF attack that could allow GET requests to be sent to services running in the...

5.3 CVSS | 5.6 AI score | 0.00529 EPSS
Exploits: 0 | References: 4
CNNVD
added 2023/05/26 12:0 a.m. | 3 views

Matrix Resource Management Error Vulnerability

Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. Matrix Synapse suffers from a security vulnerability that stems from the fact that if both Synapse and a malicious home server join the same room, the malicious home server can trick Synapse into...

6.5 CVSS | 6.3 AI score | 0.00941 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2023/05/24 12:0 a.m. | 50 views

Oracle Linux 8 : php:7.4 (ELSA-2023-2903)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2903 advisory. - CVE-2015-2331: integer overflow when processing ZIP archives 1204676,1204677 - fixes for CVE-2012-1162 and CVE-2012-1163 - fix: due to an integer...

9.8 CVSS | 8.1 AI score | 0.99998 EPSS
Exploits: 124 | References: 6
OSV
added 2023/05/21 8:42 a.m. | 8 views

MGASA-2023-0177 Updated webkit2 packages fix security vulnerability

HTML document may be able to render iframes with sensitive user information CVE-2022-0108 maliciously crafted web content may lead to arbitrary code execution. CVE-2022-32885 use-after-free vulnerability exists in WebCore::RenderLayer. This issue allows remote attackers to execute arbitrary code ...

8.8 CVSS | 7.9 AI score | 0.27076 EPSS
Exploits: 1 | References: 4
Mageia
added 2023/05/21 8:42 a.m. | 56 views

Updated webkit2 packages fix security vulnerability

HTML document may be able to render iframes with sensitive user information CVE-2022-0108 maliciously crafted web content may lead to arbitrary code execution. CVE-2022-32885 use-after-free vulnerability exists in WebCore::RenderLayer. This issue allows remote attackers to execute arbitrary code ...

8.8 CVSS | 8.4 AI score | 0.27076 EPSS
Exploits: 1 | References: 3
RedHat Linux
added 2023/05/16 8:54 a.m. | 7 views

webkitgtk: Same Origin Policy bypass issue

A logic issue was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process unexpected cross-origin attacks...

5.5 CVSS | 5.8 AI score | 0.00197 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2023/05/16 8:54 a.m. | 42 views

Important: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

8.8 CVSS | 7.7 AI score | 0.34574 EPSS
Exploits: 2 | References: 26
OSV
added 2023/05/16 12:0 a.m. | 32 views

ALSA-2023:2834 Important: webkit2gtk3 security and bug fix update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: use-after-free issue leading to arbitrary code execution CVE-2022-42826 webkitgtk: memory corruption issue leading to arbitrary code execution CVE-2023-23517 webkitgtk: memory...

8.8 CVSS | 9 AI score | 0.34574 EPSS
Exploits: 2 | References: 46
Tenable Nessus
added 2023/05/16 12:0 a.m. | 29 views

RHEL 8 : webkit2gtk3 (RHSA-2023:2834)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2834 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: use-after-free issue leadi...

8.8 CVSS | 8.5 AI score | 0.34574 EPSS
Exploits: 2 | References: 50
OpenVAS
added 2023/05/15 12:0 a.m. | 35 views

Debian: Security Advisory (DLA-3419-1)

The remote host is missing an update for the Debian...

8.8 CVSS | 7.9 AI score | 0.27076 EPSS
Exploits: 1 | References: 6
Tenable Nessus
added 2023/05/15 12:0 a.m. | 37 views

Oracle Linux 9 : webkit2gtk3 (ELSA-2023-2256)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2256 advisory. 2.38.5-1 - Update to 2.38.5 Related: 2127467 2.38.4-1 - Update to 2.38.4 Related: 2127467 2.38.3-1 - Update to 2.38.3 Related: 2127467 2.38.2-1 - Updat...

8.8 CVSS | 7.1 AI score | 0.34574 EPSS
Exploits: 2 | References: 23
Tenable Nessus
added 2023/05/14 12:0 a.m. | 44 views

Debian dla-3419 : gir1.2-javascriptcoregtk-4.0 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3419 advisory. Debian LTS Advisory DLA-3419-1...

8.8 CVSS | 8.4 AI score | 0.27076 EPSS
Exploits: 1 | References: 12
Tenable Nessus
added 2023/05/14 12:0 a.m. | 38 views

AlmaLinux 9 : webkit2gtk3 (ALSA-2023:2256)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2256 advisory. - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing...

8.8 CVSS | 7.9 AI score | 0.34574 EPSS
Exploits: 2 | References: 23