4th Gen AMD EPYC™ Processors Security Vulnerabilities

CVE-2021-47140 iommu/amd: Clear DMA ops when switching domain

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clear DMA ops when switching domain Since commit 08a27c1c3ecf ("iommu: Add support to change default domain of an iommu group") a user can switch a device between IOMMU and direct DMA through sysfs. This doesn't work...

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent...

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:0858-1)

The remote host is missing an update for...

openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:0857-1)

The remote host is missing an update for...

CVE-2021-47144

In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix refcount leak [Why] the gem object rfb->base.obj[0] is get according to num_planes in amdgpufb_create, but is not put according to num_planes [How] put rfb->base.obj[0] in amdgpu_fbdev_destroy according to...

Missing Linux Kernel mitigations for 'Register File Data Sampling (RFDS)' hardware vulnerability (INTEL-SA-00898)

The remote host is missing one or more known mitigation(s) on Linux Kernel side for the...

Linux kernel vulnerabilities

Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems linux-oracle - Linux kernel for Oracle Cloud...

AMD Response to “ZENHAMMER: Rowhammer Attacks on AMD Zen-Based Platforms”

AMD ID: AMD-SB-7021 Potential Impact: Memory integrity Severity: N/A Summary On February 26, 2024, AMD received new research related to an industry-wide DRAM issue documented in “ZENHAMMER: Rowhammering Attacks on AMD Zen-based Platforms” from researchers at ETH Zurich. The research demonstrates...

CVE-2021-47140

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clear DMA ops when switching domain Since commit 08a27c1c3ecf ("iommu: Add support to change default domain of an iommu group") a user can switch a device between IOMMU and direct DMA through sysfs. This doesn't work...

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0976-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0976-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:0925-1)

The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0925-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free ...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0926-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0926-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0977-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0977-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after...

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:0975-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0975-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...

SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2024:0917-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0917-1 advisory. Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R)...

VMware ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2022-0020)

The remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities, as follows: Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker...

CVE-2023-43490

A vulnerability was found in some Intel Xeon D Processors with Intel SGX. This issue may allow a local attacker to achieve sensitive information disclosure, impacting the data confidentiality of the targeted...

CVE-2023-39368

A vulnerability was found in the bus lock regulator mechanism for some Intel processors models. This issue may allow a malicious actor to achieve a Denial of Service attack, impacting the system availability of the targeted...

CVE-2023-38575

A vulnerability was found in some Intel processors that may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted...

Security Bulletin: Multiple vulnerabilities exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager.

Summary Multiple vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition . CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details ** CVEID:...

Security Bulletin: Vulnerability in IBM® SDK, Java™ Technology affects IBM Cloud Pak System [CVE-2022-3676]

Summary Vulnerability in IBM® SDK, Java™ Technology affect Cloud Pak System. Vulnerability Details ** CVEID: CVE-2022-3676 DESCRIPTION: **Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by improper runtime type check by the interface calls. By sending a...

gen-assist.com Cross Site Scripting vulnerability OBB-3882881

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Security Bulletin: IBM QRadar SIEM M7 Appliances are vulnerable to CVE-2022-21216

Summary IBM QRadar SIEM M7 Appliances could be vulnerable to an Intel CVE. IBM has addressed the relevant CVE. Vulnerability Details ** CVEID: CVE-2022-21216 DESCRIPTION: **IntelAtom and Intel Xeon Scalable Processors could allow a remote authenticated attacker to gain elevated privileges on the...

EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2024-1443)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Information exposure through microarchitectural state after transient execution in certain vector execution units for some...

Ubuntu: Security Advisory (USN-6701-2)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1417)

The remote host is missing an update for the Huawei...

EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2024-1415)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Information exposure through microarchitectural state after transient execution in certain vector execution units for some...

K000138966 : Intel Xeon CPU vulnerability CVE-2023-23908

Security Advisory Description Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-23908) Impact This vulnerability may allow a privileged user to enable information.....

EulerOS Virtualization 2.11.1 : openssl (EulerOS-SA-2024-1417)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal...

EulerOS Virtualization 2.11.0 : openssl (EulerOS-SA-2024-1445)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1445)

The remote host is missing an update for the Huawei...

Speculative Race Condition

Modern CPU architectures supporting speculative execution are vulnerable to a Speculative Race Condition (SRC) vulnerability, akin to Spectre V1. The vulnerability arises from race conditions that allow an unauthenticated attacker to exploit speculative executable code paths, potentially...

linux-gcp, linux-gcp-4.15 vulnerabilities

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA...

Security Bulletin: Vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel can affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as...

GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace

Summary and impact [GoogleOAuthenticator.hosted_domain] is used to restrict what Google accounts can be authorized to access a JupyterHub. The restriction is intended to ensure Google accounts are part of one or more Google organizations/workspaces verified to control specified domain(s). The...

GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace

Summary and impact [GoogleOAuthenticator.hosted_domain] is used to restrict what Google accounts can be authorized to access a JupyterHub. The restriction is intended to ensure Google accounts are part of one or more Google organizations/workspaces verified to control specified domain(s). The...

Popup Maker – Popup for opt-ins, lead gen, & more < 1.18.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as...

Linux kernel vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-gcp-6.5 - Linux kernel for Google Cloud Platform (GCP) systems linux-hwe-6.5 - Linux hardware...

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems linux-raspi - Linux kernel for Raspberry Pi...

Linux kernel (GCP) vulnerabilities

Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-gcp-4.15 - Linux kernel for Google Cloud Platform (GCP) systems Details Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform...

CVE-2023-32260

Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation.This issue affects Service Management Automation X (SMAX)....

CVE-2023-32260

Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation.This issue affects Service Management Automation X (SMAX)....

CVE-2023-32259

Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05,...

CVE-2023-32259

Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05,...

CVE-2023-32260 A potential Misinterpretation of Input vulnerability has been identified in SMAX, AMX, and HCMX products.

Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation.This issue affects Service Management Automation X (SMAX)....

CVE-2023-32259 Potential Insufficient Access Control vulnerability has been identified in OpenText™ SMAX/AMX products.

Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05,...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Jan 2024. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in...

Ubuntu: Security Advisory (USN-6699-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-6701-1)

The remote host is missing an update for...

linux, linux-aws, linux-hwe, linux-kvm, linux-oracle vulnerabilities

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service (bluetooth communication). (CVE-2023-2002) It was discovered that the NVIDIA...