USN-6208-1: Gorilla WebSocket vulnerability

2023-07-07 KENNETH 0

It was discovered that Gorilla WebSocket incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service.

Source: USN-6208-1: Gorilla WebSocket vulnerability

USN-6207-1: Linux kernel (Intel IoTG) vulnerabilities

2023-07-07 KENNETH 0

It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1076)

It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-1077)

It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash). (CVE-2023-1079)

It was discovered that the Xircom PCMCIA network device driver in the Linux kernel did not properly handle device removal [ more… ]

USN-6206-1: Linux kernel (OEM) vulnerabilities

2023-07-07 KENNETH 0

Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35788, LP: #2023577)

It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-4842)

Seth Jenkins discovered that the CPU data to memory implementation for x86 processors in the Linux kernel did not properly perform address randomization. A local attacker could use this to expose sensitive information (kernel memory) or in conjunction with another kernel vulnerability. (CVE-2023-0597)

It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata [ more… ]

USN-6205-1: Linux kernel (GKE) vulnerabilities

2023-07-07 KENNETH 0

Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-35788, LP: #2023577)

It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information (kernel memory) or possibly cause undesired behaviors. (LP: #2023220)

Source: USN-6205-1: Linux kernel (GKE) vulnerabilities

Fighting notification spam in Microsoft Edge

2023-07-07 KENNETH 0

Web site notifications are great for staying up to date on your favorite webapps, but they can also be used to spam you with messages that can be unwanted or even misleading. We've made changes to help customers avoid these spammy messages and increase their peace of mind.

Edge now blocks prompts like these from unfamiliar sites to help protect users from aggressive fake advertising.

Sites intending to spam visitors will try to trick users into allowing notifications, like in the example above. This site is really trying to get permission to show spammy notifications. Within minutes, this site pushed dozens of fake warnings, all trying to trick victim users into buying software. While these notifications don't cause direct harm on their own, they can be unsettling and some customers don't know how to disable them. [ more… ]