Security Advisory Description: Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy ...
More info:
https://my.f5.com/manage/s/article/K000135853?utm_source=f5support&utm_medium=RSS
Security Advisory Description: ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of ` ...
More info:
https://my.f5.com/manage/s/article/K000135854?utm_source=f5support&utm_medium=RSS
Security Advisory Description: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an ...
More info:
https://my.f5.com/manage/s/article/K000135795?utm_source=f5support&utm_medium=RSS
Security Advisory Description: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet ...
More info:
https://my.f5.com/manage/s/article/K000135831?utm_source=f5support&utm_medium=RSS
Security Advisory Description: scp in OpenSSH through 8.3p1 allows command injection in scp.c remote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor ...
More info:
https://my.f5.com/manage/s/article/K04305530?utm_source=f5support&utm_medium=RSS
Security Advisory Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been ...
More info:
https://my.f5.com/manage/s/article/K000135795?utm_source=f5support&utm_medium=RSS
Publication Date: 2023/08/08 1:00 PM PDT. AWS is aware of CVE-2022-40982, also known as “Gather Data Sampling” (GDS) or “Downfall”. AWS customers’ data and instances are not affected by this issue, and no customer action is required. AWS has designed and implemented its infrastructure with protections against this class of issues. Amazon EC2 instances, including Lambda, Fargate, and other AWS-managed compute and container services, protect customer data against GDS
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2023-007/
Publication Date: 2023/08/08 11:30AM PDT. AWS is aware of CVE-2023-20569, also known as “RAS Poisoning” or “Inception”. AWS customers’ data and instances are not affected by this issue, and no customer action is required. AWS has designed and implemented its infrastructure with protections against this class of issues. Amazon EC2 instances, including Lambda, Fargate, and other AWS-managed compute and container services, protect customer data against Inception
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2023-006/
Greetings from the VMware Security Response Center! On August 8th, 2023, a transient execution side-channel vulnerability impacting Intel processors was disclosed in INTEL-SA-00828. Described as Gather Data Sampling (GDS) and identified by CVE-2022-40982, this vulnerability has been classified as Moderate in severity with a CVSSv3.1 base score of 6.5. VMware hypervisors may be impacted by …
More info:
https://blogs.vmware.com/security/2023/08/cve-2022-40982.html?utm_source=rss&utm_medium=rss&utm_campaign=cve-2022-40982
On August 8, 2023, the paper Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables was made public. The paper discusses two attacks that can cause VPN clients to leak traffic outside the protected VPN tunnel. In both instances, an attacker can manipulate routing exceptions that are maintained by the client to redirect traffic to a device that they control without the benefit of the VPN tunnel encryption. This advisory is available at the following
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-leak-Sew6g2kd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Bypassing%20Tunnels:%20Leaking%20VPN%20Client%20Traffic%20by%20Abusing%20Routing%20Tables%20Affecting%20Cisco%20AnyConnect%20Secure%20Mobility%20Client%20and%20Cisco%20Secure%20Client&vs_k=1