2nd Gen AMD Ryzen™ Threadripper™ Processors “Colfax” Security Vulnerabilities

wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, capslock, doppler-kubernetes-operator, jaeger-agent, prometheus-beat-exporter, crossplane-provider-azure, nerdctl, skaffold, spire-server, vexctl, gomplate, k8sgpt, kine, tekton-chains, memcached-exporter, melange, cadvisor, aactl,...

7.5 AI Score

2024-05-25 09:07 PM
122
wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

6.5 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
135
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, bincapz, opentofu, ko, regclient, k3d, coredns, gptscript, src-fingerprint, kubeadm-bootstrap-controller, go-md2man, ollama, grafana, shfmt, nri-mssql, gitlab-kas, certificate-transparency, nri-mysql, harbor-scanner-trivy, argo-cd, helm,...

7 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
39
wolfi

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: ctop, nri-discovery-kubernetes, aws-flb-cloudwatch, sops, mage, vertical-pod-autoscaler, flannel-cni-plugin, docker-credential-ecr-login, configmap-reload, goreleaser, falco, scorecard, prometheus-stackdriver-exporter, protoc-gen-go-grpc, cass-operator, dgraph,...

8.2 AI Score

0.001 EPSS

2024-05-25 09:07 PM
49
wolfi

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, capslock, doppler-kubernetes-operator, jaeger-agent, prometheus-beat-exporter, crossplane-provider-azure, nerdctl, skaffold, spire-server, vexctl, gomplate, k8sgpt, kine, tekton-chains, memcached-exporter, melange, cadvisor, aactl,...

6.7 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
20
wolfi

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

7.5 AI Score

2024-05-25 09:07 PM
20
wolfi

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

6.5 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
30
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, bincapz, opentofu, ko, regclient, k3d, coredns, gptscript, src-fingerprint, kubeadm-bootstrap-controller, go-md2man, ollama, grafana, shfmt, nri-mssql, gitlab-kas, certificate-transparency, nri-mysql, harbor-scanner-trivy, argo-cd, helm,...

7.5 AI Score

2024-05-25 09:07 PM
14
wolfi

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

7.5 AI Score

2024-05-25 09:07 PM
14
wolfi

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

7.5 AI Score

2024-05-25 09:07 PM
15
wolfi

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

7.5 AI Score

2024-05-25 09:07 PM
14
wolfi

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: ctop, nri-discovery-kubernetes, aws-flb-cloudwatch, sops, mage, vertical-pod-autoscaler, flannel-cni-plugin, docker-credential-ecr-login, configmap-reload, goreleaser, falco, scorecard, prometheus-stackdriver-exporter, protoc-gen-go-grpc, cass-operator, dgraph,...

7.5 AI Score

2024-05-25 09:07 PM
15
wolfi

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: ctop, nri-discovery-kubernetes, aws-flb-cloudwatch, sops, mage, vertical-pod-autoscaler, flannel-cni-plugin, docker-credential-ecr-login, configmap-reload, goreleaser, falco, scorecard, prometheus-stackdriver-exporter, protoc-gen-go-grpc, cass-operator, dgraph,...

7.4 AI Score

0.001 EPSS

2024-05-25 09:07 PM
22
wolfi

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: ctop, nri-discovery-kubernetes, aws-flb-cloudwatch, sops, mage, vertical-pod-autoscaler, flannel-cni-plugin, docker-credential-ecr-login, configmap-reload, goreleaser, falco, scorecard, prometheus-stackdriver-exporter, protoc-gen-go-grpc, cass-operator, dgraph,...

7.5 AI Score

2024-05-25 09:07 PM
13
wolfi

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

7.5 AI Score

2024-05-25 09:07 PM
14
wolfi

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

6.5 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
14
wolfi

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

6.5 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
12
wolfi

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

6.5 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
14
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ucode-intel (SUSE-SU-2024:1771-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1771-1 advisory. Intel CPU Microcode was updated to the 20240514 release (bsc#1224277) - CVE-2023-45733: Fixed...

7.8 AI Score

2024-05-25 12:00 AM
cve

CVE-2021-47550

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix potential memleak In function amdgpu_get_xgmi_hive, when kobject_init_and_add failed There is a potential memleak if not call...

7.4 AI Score

2024-05-24 03:15 PM
5
cve

CVE-2021-47551

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpsch already been called, the start_cpsch will not be called since...

7.2 AI Score

2024-05-24 03:15 PM
5
cvelist

CVE-2021-47551 drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpsch already been called, the start_cpsch will not be called since...

7 AI Score

2024-05-24 03:09 PM
cvelist

CVE-2021-47550 drm/amd/amdgpu: fix potential memleak

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix potential memleak In function amdgpu_get_xgmi_hive, when kobject_init_and_add failed There is a potential memleak if not call...

7.2 AI Score

2024-05-24 03:09 PM
osv

Pug allows JavaScript code execution if an application accepts untrusted input

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...

7.3 AI Score

2024-05-24 02:45 PM
2
github

Pug allows JavaScript code execution if an application accepts untrusted input

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...

7.6 AI Score

2024-05-24 02:45 PM
2
redhatcve

CVE-2021-47262

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint message Use the __string() machinery provided by the tracing subystem to make a copy of the string literals consumed by the "nested VM-Enter failed" tracepoint. A...

7.4 AI Score

0.0004 EPSS

2024-05-23 02:06 PM
4
redhatcve

CVE-2021-47253

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential memory leak in DMUB hw_init [Why] On resume we perform DMUB hw_init which allocates memory: dm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc That results in memory leak in suspend/resu...

7.1 AI Score

0.0004 EPSS

2024-05-23 02:04 PM
redhatcve

CVE-2021-47226

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer Both Intel and AMD consider it to be architecturally valid for XRSTOR to fail with #PF but nonetheless change the register state. The actual conditions under...

7.3 AI Score

0.0004 EPSS

2024-05-23 02:00 PM
redhatcve

CVE-2023-52819

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga For pptable structs that use flexible array sizes, use flexible arrays. Mitigation...

7 AI Score

0.0004 EPSS

2024-05-23 11:12 AM
2
redhatcve

CVE-2023-52818

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 For pptable structs that use flexible array sizes, use flexible arrays. Mitigation...

7 AI Score

0.0004 EPSS

2024-05-23 11:12 AM
3
redhatcve

CVE-2023-52816

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix shift out-of-bounds issue [ 567.613292] shift exponent 255 is too large for 64-bit type 'long unsigned int' [ 567.614498] CPU: 5 PID: 238 Comm: kworker/5:1 Tainted: G OE 6.2.0-34-generic #34~22.04.1-Ubuntu [...

7 AI Score

0.0004 EPSS

2024-05-23 11:12 AM
2
redhatcve

CVE-2023-52812

In the Linux kernel, the following vulnerability has been resolved: drm/amd: check num of link levels when update pcie param In SR-IOV environment, the value of pcie_table->num_of_link_levels will be 0, and num_of_levels - 1 will cause array index out of bounds Mitigation...

7 AI Score

0.0004 EPSS

2024-05-23 11:11 AM
1
redhatcve

CVE-2023-52773

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() When ddc_service_construct() is called, it explicitly checks both the link type and whether there is something on the link which will dictate whether the pin.....

6.9 AI Score

0.0004 EPSS

2024-05-23 11:09 AM
2
redhatcve

CVE-2023-52862

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer dereference in error message This patch fixes a null pointer dereference in the error message that is printed when the Display Core (DC) fails to initialize. The original message includes the DC...

6.8 AI Score

0.0004 EPSS

2024-05-23 11:01 AM
schneier

Personal AI Assistants and Privacy

Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called "Recall" for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall...

7 AI Score

2024-05-23 11:00 AM
2
nessus

RHEL 8 : linux-firmware (RHSA-2024:3178)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3178 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw:...

7.3 AI Score

2024-05-23 12:00 AM
talosblog

From trust to trickery: Brand impersonation over the email attack vector

Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. Talos has discovered a wide range of techniques threat actors use to embed and deliver brand logos via emails to their victims. Talos is providing...

6.5 AI Score

2024-05-22 12:17 PM
6
redhatcve

CVE-2021-47348

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid HDCP over-read and corruption Instead of reading the desired 5 bytes of the actual target field, the code was reading 8. This could result in a corrupted value if the trailing 3 bytes were non-zero, so...

7.4 AI Score

0.0004 EPSS

2024-05-22 11:26 AM
4
redhatcve

CVE-2021-47362

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Update intermediate power state for SI Update the current state as boot state during dpm initialization. During the subsequent initialization, set_power_state gets called to transition to the final power state....

7.1 AI Score

0.0004 EPSS

2024-05-22 11:05 AM
redhatcve

CVE-2021-47390

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm] Read of size 8 at addr...

7.2 AI Score

0.0004 EPSS

2024-05-22 10:20 AM
1
redhatcve

CVE-2021-47410

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix svm_migrate_fini warning Device manager releases device-specific resources when a driver disconnects from a device, devm_memunmap_pages and devm_release_mem_region calls in svm_migrate_fini are redundant. It causes....

7.2 AI Score

0.0004 EPSS

2024-05-22 08:58 AM
1
redhat

(RHSA-2024:3178) Important: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...

7 AI Score

0.0005 EPSS

2024-05-22 06:35 AM
1
nessus

Fedora 39 : kernel (2024-49fcf86f58)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-49fcf86f58 advisory. Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may...

6.7 AI Score

2024-05-22 12:00 AM
2
nessus

Fedora 40 : kernel (2024-92664ae6fe)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-92664ae6fe advisory. Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may...

7 AI Score

2024-05-22 12:00 AM
2
nessus

CentOS 8 : pcs (CESA-2024:2953)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:2953 advisory. Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack's media type parser to take much longer than...

6.7 AI Score

2024-05-22 12:00 AM
nessus

CentOS 8 : linux-firmware (CESA-2024:3178)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3178 advisory. Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of...

7.1 AI Score

2024-05-22 12:00 AM
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...

6.5 AI Score

2024-05-21 07:42 PM
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)

Summary IBM® SDK Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable issues, CVE-2023-22081, CVE-2023-22067, and CVE-2023-5676 Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified...

5.6 AI Score

0.001 EPSS

2024-05-21 07:22 PM
20
wallarmlab

Vulnerabilities in BIG-IP Next Central Manager allows control of managed devices

Introduction In May 2024, new vulnerabilities have been identified in BIG-IP Next Central Manager, raising considerable security concerns. This discovery follows closely on the heels of a critical vulnerability revealed in April within Palo Alto's firewalls with enabled GlobalProtect feature,...

8.6 AI Score

0.0004 EPSS

2024-05-21 04:56 PM
10
cve

CVE-2023-52862

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer dereference in error message This patch fixes a null pointer dereference in the error message that is printed when the Display Core (DC) fails to initialize. The original message includes the DC...

7.3 AI Score

0.0004 EPSS

2024-05-21 04:15 PM
23

Total number of security vulnerabilities: 23867