Aggregator

A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use of hard-coded password. The identification of this vulnerability is CVE-2025-7453. The attack may be initiated remotely. Furthermore, there is an exploit available.

Advanced Micro Devices has disclosed a series of critical security vulnerabilities affecting multiple generations of its processor architectures, stemming from transient scheduler attacks that exploit speculative execution mechanisms. The vulnerabilities, identified through four distinct Common Vulnerabilities and Exposures (CVE) entries, pose significant risks to data confidentiality across enterprise and consumer computing environments. The security flaws […]

The post AMD Warns of Transient Scheduler Attacks Affecting Wide Range of Chipsets appeared first on Cyber Security News.

Submit #608447 / VDB-316097

The Apache Software Foundation has released Apache HTTP Server version 2.4.64, addressing eight critical security vulnerabilities that affected versions spanning from 2.4.0 through 2.4.63.  This latest update resolves a range of issues, including HTTP response splitting, server-side request forgery (SSRF), and denial of service vulnerabilities that could potentially compromise server security and performance. Key Takeaways1. […]

The post Apache HTTP Server 2.4.64 Released With Patch for 8 Vulnerabilities appeared first on Cyber Security News.

A vulnerability was found in kone-net go-chat up to f9e58d0afa9bbdb31faf25e7739da330692c4c63. It has been declared as critical. This vulnerability affects the function GetFile of the file go-chat/api/v1/file_controller.go of the component Endpoint. The manipulation of the argument fileName leads to path traversal. This vulnerability was named CVE-2025-7452. The attack can be initiated remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

法国国家信息与自由委员会（CNIL）发布关于数据转移影响评估（TIA）的指南，帮助组织将个人数据转移到欧盟以外地区时确保符合GDPR要求。指南基于2025年1月公开咨询结果制定，涵盖评估步骤、注意事项及合规建议。

当前环境出现异常问题，需完成验证后才能继续访问相关内容或服务。

当前环境出现异常问题，需完成验证后才能继续访问相关内容或服务。

Submit #607818 / VDB-316096

A vulnerability was found in letseeqiji gorobbs up to 1.0.8. It has been classified as critical. This affects the function ResetUserAvatar of the file controller/api/v1/user.go of the component API. The manipulation of the argument filename leads to path traversal. This vulnerability is uniquely identified as CVE-2025-7450. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Linux Kernel up to 6.3-rc3. This affects the function slimpro_i2c_blkwr of the file drivers/i2c/busses/i2c-xgene-slimpro.c of the component i2c. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2023-2194. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.2.8 and classified as critical. Affected by this issue is the function cond_resched. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-53051. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects unknown code of the component Traffic Control Subsystem. The manipulation leads to denial of service. This vulnerability was named CVE-2022-4269. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Submit #607799 / VDB-316095

The Intelligence and Security Committee has warned of Iran’s “aggressive” and “extensive” cyber capabilities

AMD has issued a security bulletin, AMD-SB-7029, highlighting several transient scheduler attacks that exploit speculative execution timing in its processors, potentially leading to loss of confidentiality. These vulnerabilities stem from investigations into a Microsoft report on microarchitectural leaks, revealing side-channel attacks where attackers could infer sensitive data through execution timing under specific conditions. Rated at […]

The post AMD Warns of Transient Scheduler Attacks Impacting Broad Range of Chipsets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Метрики отправляются автоматически — без уведомлений и диалогов.