In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add a dc_state NULL check in dc_state_release [How] Check whether state is NULL before releasing...
7.3AI Score
0.0004EPSS
CVE-2024-26948 drm/amd/display: Add a dc_state NULL check in dc_state_release
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add a dc_state NULL check in dc_state_release [How] Check whether state is NULL before releasing...
7.5AI Score
0.0004EPSS
(RHSA-2024:2628) Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): CVE-2024-25743 hw: amd: Instruction raise #VC exception at exit (AMD-SN-3008,CVE-2024-25742,CVE-2024-25743) Bug Fix(es): kernel-rt:...
7.3AI Score
EPSS
(RHSA-2024:2627) Moderate: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): CVE-2024-25743 hw: amd: Instruction raise #VC exception at exit (AMD-SN-3008,CVE-2024-25742,CVE-2024-25743) Bug Fix(es): CVE-2024-25743 kernel: hw: amd: Instruction raise #VC exception at...
7.5AI Score
EPSS
Security Bulletin: NVIDIA ChatRTX - May 2024
NVIDIA has released a software update for NVIDIA® ChatRTX. To protect your system, download and install this software update from the ChatRTX Download page. Go to NVIDIA Product Security. Details This section provides a summary of potential vulnerabilities that this security update addresses and...
7.5CVSS
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' In the first if statement, we're checking if 'replay' is NULL. But in the second if statement, we're not checking if 'replay' is NULL again before calling....
6.5AI Score
0.0004EPSS
Stable Channel Update for ChromeOS / ChromeOS Flex
Hello All, The Stable channel is being updated to 124.0.6367.95 (Platform version: 15823.40.0) for most ChromeOS devices and will be rolled out over the next few days. If you find new issues, please let us know one of the following ways: File a bug Visit our Chrome OS communities General:...
8AI Score
0.0005EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add a dc_state NULL check in dc_state_release [How] Check whether state is NULL before releasing...
6.3AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' Tell snprintf() to store at most 10 bytes in the output buffer instead of 30. Fixes the below:...
7.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' The 'stream' pointer is used in dcn10_set_output_transfer_func() before the check if 'stream' is NULL. Fixes the below:...
7.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() Since 'adev->dm.dc' in amdgpu_dm_fini() might turn out to be NULL before the call to dc_enable_dmub_notifications(), check beforehand to ensure there will n...
6.4AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1480-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1480-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic...
7.8CVSS
8AI Score
EPSS
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7123139 advisory. IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering...
7.5CVSS
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' The issue arises when the array 'adev->vcn.vcn_config' is accessed before checking if the index 'adev->vcn.num_vcn_inst' is within the bound...
6.6AI Score
0.0004EPSS
RHEL 9 : kernel (RHSA-2024:2627)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2627 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * CVE-2024-25743 hw: amd:...
6.7AI Score
EPSS
Security Bulletin: Triton Inference Server - April 2024
NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...
9CVSS
7.8AI Score
0.0004EPSS
Summary Vulnerabilities contained within libcurl (a 3rd party component) were addressed in the IBM MaaS360 Cloud Extender Agent, Configuration Utility, Email Notification, Realtime Action and Base Modules. Vulnerability Details ** CVEID: CVE-2023-46219 DESCRIPTION: **cURL libcurl could allow a...
6.5CVSS
8.4AI Score
EPSS
Implementations of IPMI Authenticated sessions do not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC...
6.9AI Score
0.0004EPSS
Implementations of IPMI Authenticated sessions do not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC...
6.7AI Score
0.0004EPSS
CVE-2024-3411 Insufficient Randomness When Validating an IPMI Authenticated Session
Implementations of IPMI Authenticated sessions do not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC...
9.4AI Score
0.0004EPSS
Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details ** CVEID: CVE-2023-30441 DESCRIPTION: **IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0...
7.5CVSS
5.8AI Score
0.002EPSS
Introducing the Wallarm Q1 2024 API ThreatStats™ Report
As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we...
7.5AI Score
ThievingFox - Remotely Retrieving Credentials From Password Managers And Windows Utilities
ThievingFox is a collection of post-exploitation tools to gather credentials from various password managers and Windows utilities. Each module leverages a specific method of injecting into the target process, and then hooks internal functions to gather credentials. The accompanying blog post...
8.3AI Score
RHEL 9 : kernel-rt (RHSA-2024:2628)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2628 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...
6.7AI Score
EPSS
IBM MQ 9.3 <= 9.3.5.1 (7149581)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7149581 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that...
7.4CVSS
6.3AI Score
0.001EPSS
The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7149586 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported...
7.5CVSS
6.4AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1466-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1466-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A...
7.8CVSS
7.5AI Score
EPSS
BMC software fails to validate IPMI session.
Overview The Intelligent Platform Management Interface (IPMI) implementations in multiple manufacturers' Baseboard Management Controller (BMC) software are vulnerable to IPMI session hijacking. An attacker with access to the BMC network (with IPMI enabled) can abuse the lack of session integrity...
9.1CVSS
8.2AI Score
0.24EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related...
7.5CVSS
6.8AI Score
0.001EPSS
RHEL 9 : kernel (RHSA-2024:1248)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1248 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: inactive elements in...
7.8CVSS
8.4AI Score
0.001EPSS
Fedora 40 : xen (2024-3a36322c4b)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a36322c4b advisory. Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS...
6.5CVSS
7AI Score
0.0004EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync...
7.8CVSS
8AI Score
0.001EPSS
RHEL 9 : kernel (RHSA-2023:7749)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7749 advisory. kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192) kernel: use-after-free vulnerability in the smb client component...
7.8CVSS
7.3AI Score
0.001EPSS
RHEL 7 : qemu-kvm-rhev (RHSA-2018:2258)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2258 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...
5.5CVSS
6.3AI Score
0.003EPSS
RHEL 7 : qemu-kvm-rhev (RHSA-2018:2289)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2289 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...
5.5CVSS
6.3AI Score
0.003EPSS
RHEL 7 : qemu-kvm-rhev (RHSA-2018:2364)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2364 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...
5.5CVSS
6.3AI Score
0.003EPSS
RHEL 7 : qemu-kvm-rhev (RHSA-2018:2228)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2228 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...
5.5CVSS
6.3AI Score
0.003EPSS
IBM MQ 9.2 <= 9.2.0.25 / 9.3 < 9.3.5 CD / 9.3 <= 9.3.0.17 (7123135)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7123135 advisory. Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function....
7.3CVSS
6.5AI Score
0.001EPSS
RHEL 7 : qemu-kvm-rhev (RHSA-2018:2363)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2363 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide...
5.5CVSS
7.1AI Score
0.003EPSS
Exploiting the Conditional Branch Predictor
AMD ID: AMD-SB-7015 Potential Impact: N/A Severity: N/A Summary Researchers from the University of California San Diego have shared with AMD a paper titled “Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor” that explores methods for forcing a branch...
7.1AI Score
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7149582 advisory. IBM MQ is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary...
7.5CVSS
7.8AI Score
0.0004EPSS
IBM MQ 9.2 <= 9.2.0.25 / 9.3 < 9.3.5 CD / 9.3 <= 9.3.0.17 DoS (7149583)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7149583 advisory. IBM MQ Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. (CVE-2024-25015) ...
7.5CVSS
7.4AI Score
0.0004EPSS
Last-Level Cache Side-Channel Attacks
AMD ID: AMD-SB-7019 Potential Impact: N/A Severity: N/A Summary Researchers from the University of Illinois Urbana-Champaign and Tel Aviv University have published a paper titled “Last-Level Cache Side-Channel Attacks Are Feasible in the Modern Public Cloud.” The paper does not demonstrate any...
7.2AI Score
The CISO’s Top Priority: Elevating Data-Centric Security
The shift to cloud computing has enhanced the resilience and security of most organizations. In this era of unparalleled agility and scalability, data-centric security can offer transformational opportunities for Chief Information Security Officers (CISOs) to improve data protection, compliance,...
7.2AI Score
Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny
Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and...
6.5AI Score
Summary Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System. Vulnerability Details ** CVEID: CVE-2023-21930 DESCRIPTION: **An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...
9.1CVSS
8.6AI Score
0.002EPSS
This Week in Spring - Tuesday, April 23rd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! We've had a really busy, wonderful week, as always, so let's dive right into it! We want you! ...to submit a talk to SpringOne 2024, in sunny Las Vegas! Hurry, the CFP closes May 3rd! Spring Shell 3.1.11, 3.2.4, and 3.3.0-m1...
7.1AI Score
RHEL 8 : linux-firmware (RHSA-2024:2005)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2005 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw amd:...
4.7CVSS
7.3AI Score
0.0004EPSS
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...
5.3CVSS
5.6AI Score
0.0004EPSS
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code...
5.3CVSS
5.6AI Score
0.0004EPSS