Vulnerability in OpenIDC/cjose (CVE-2023-37464)
A high-risk vulnerability was found in cjose. cjose is a C library implementing JavaScript Object Signing and Encryption (JOSE), on which mod_auth_openidc depends. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag...
Intel Downfall Vulnerability
A potential security vulnerability CVE-2022-40982 in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates and an optional software sequence to mitigate this potential vulnerability. For details see SVG Advisory...
Use-after-free vulnerability in the tcindex in the Linux kernel
A use-after-free vulnerability (CVE-2023-1281 and CVE-2023-1829) in the Linux kernel traffic control index filter (tcindex) allows privilege escalation. A kernel upgrade is recommended. Since an attacker can elevate privileges to root, this vulnerability is considered as...
BMC vulnerabilities
Two vulnerabilities have been found that enable bypassing authentication or injecting malicious code via Redfish remote management interfaces. CVE-2023-34329 - Authentication Bypass via HTTP Header Spoofing; CVE-2023-34330 - Code injection via Dynamic Redfish Extension...
Zenbleed speculative execution vulnerability
A speculative execution vulnerability has been discovered in AMD Zen 2 CPUs. This vulnerability has been dubbed "Zenbleed". A malicious actor could steal sensitive data, such as passwords and encryption keys, resident in the CPU cores. Sensitive data could be extracted...
Critical vulnerability for OpenStack with iSCSI or FC-based volumes
A vulnerability has been reported in OpenStack concerning an inconsistency between Cinder and Nova, CVE-2023-2088. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is on...