Page 14 of 765 results (0.017 seconds)

CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 3

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.  The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96 • https://github.com/ASkyeye/CVE-2023-0045 https://github.com/es0j/CVE-2023-0045 https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96 https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://security.netapp.com/advisory/ntap-20230714-0001 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS. A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. • https://hackerone.com/reports/1826048 https://security.gentoo.org/glsa/202310-12 https://security.netapp.com/advisory/ntap-20230309-0006 https://access.redhat.com/security/cve/CVE-2023-23915 https://bugzilla.redhat.com/show_bug.cgi?id=2167813 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 1

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on. A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity. • https://hackerone.com/reports/1813864 https://security.gentoo.org/glsa/202310-12 https://security.netapp.com/advisory/ntap-20230309-0006 https://access.redhat.com/security/cve/CVE-2023-23914 https://bugzilla.redhat.com/show_bug.cgi?id=2167797 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 4

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity. • https://github.com/JawadPy/CVE-2023-24329-Exploit https://github.com/Pandante-Central/CVE-2023-24329-codeql-test https://github.com/H4R335HR/CVE-2023-24329-PoC https://github.com/python/cpython/issues/102153 https://github.com/python/cpython/pull/99421 https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72 https://lists.fedoraproject.org/archives/list/package-announ • CWE-20: Improper Input Validation •

CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 1

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. • https://access.redhat.com/security/cve/CVE-2023-0361 https://github.com/tlsfuzzer/tlsfuzzer/pull/679 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ https://lists.fedoraproject.org/archives/list/package& • CWE-203: Observable Discrepancy •