Description
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn’t need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a
Base Score: 8.8 HIGH
CVE-2023-21535 Description Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21548. Base Score: 8.1 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21535 __________________________________ CVE-2023-21532 Description Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21552. Base Score: 7.0 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21532 ___________________________________ CVE-2023-21531 Description Azure Service Fabric Container Elevation of Privilege Vulnerability. Base […]
CVE-2022-2536 Description The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the ‘tp_translation’ AJAX action which makes it possible for unauthenticated attackers to bypass any restrictions and influence the data shown on […]
CVE-2013-0880 Description Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to databases. Base Score: 7.5 HIGH http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html
Leave a Reply