Ryzen™ Threadripper™ 5000 Series Processors Security Vulnerabilities

Hardcoded credentials

Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic...

CVE-2023-38536

HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site...

CVE-2023-38535

Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic...

CVE-2023-38534

Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated...

Important: edk2

Issue Overview: A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to...

Security Bulletin: Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer

Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component...

ThreatDown achieves perfect score in latest AVLab assessment

ThreatDown has once again earned a perfect score in AVLabs' January 2024 real-world malware detection tests, marking the eleventh consecutive quarter in achieving this feat. Let’s delve into the details of the test and how ThreatDown outperformed competitors in exhaustive testing. The AVLab...

CVE-2024-20320

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

CVE-2024-20327

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...

CVE-2024-20327

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...

CVE-2024-20320

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

Input validation

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

Design/Logic Flaw

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...

CVE-2024-20320

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

CVE-2024-20327

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...

Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...

Cisco IOS XR Software SSH Privilege Escalation Vulnerability

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to obtain sensitive information due to an algorithm decryption implementation

Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. (CVE-2023-33850) Vulnerability Details ** CVEID: CVE-2023-33850 DESCRIPTION: **IBM GSKit-Crypto could allow a remote attacker to obtain sensitive...

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM Rational ClearCase

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. [CVE-2023-5363, CVE-2023-4807, CVE-2023-3446] Vulnerability Details ** CVEID: CVE-2023-5363 DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information,...

Threat actors leverage document publishing sites for ongoing credential and session token theft

Cisco Talos Incident Response (Talos IR) has observed the ongoing use of legitimate digital document publishing (DDP) sites for phishing, credential theft and session token theft during recent incident response and threat intelligence engagements. Hosting phishing lures on DDP sites increases the.....

What’s in your notepad? Infected text editors target Chinese users

"Malvertising" is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, our experts...

Intel 2024.1 IPU - BIOS March 2024 Security Updates

Intel has informed HP of potential security vulnerabilities identified in some Intel® Processors and/or BIOS Firmware for some Intel® Processors which may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing firmware updates to mitigate this potential...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:0857-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0857-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap...

This Week in Spring - March 12th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's going to be! Do this first: we need your help! Please answer some questions in our State of Spring survey! Join me for a look at the latest-and-greatest, chronicling how I got started with Spring Boot in...

FreeBSD : Intel CPUs -- multiple vulnerabilities (b6dd9d93-e09b-11ee-92fc-1c697a616631)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b6dd9d93-e09b-11ee-92fc-1c697a616631 advisory. Intel reports: 2024.1 IPU - Intel Processor Bus Lock Advisory A potential security...

Amazon Linux 2023 : microcode_ctl (ALAS2023-2024-559)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-559 advisory. Non-transparent sharing of return predictor targets between contexts in some Intel Processors may allow an authorized user to potentially enable information disclosure via local access....

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:0855-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0855-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free...

Microsoft and Adobe Patch Tuesday, March 2024 Security Update Review

Welcome to another insightful dive into Microsoft's Patch Tuesday! This month's security updates address a significant number of CVEs, underscoring the ongoing battle against digital vulnerabilities. We invite you to join us to review and discuss the details of these security updates and patches......

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary IBM Sterling Partner Engagement Manager uses Apache Commons FileUpload. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-24998 DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused.....

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details ** IBM X-Force ID: PSIRT-ADV0103951 .....

x86: Register File Data Sampling

ISSUE DESCRIPTION Intel have disclosed RFDS, Register File Data Sampling, affecting some Atom cores. This came from internal validation work. There is no information provided about how an attacker might go about inferring data from the register files. For more details, see:...

Advisory ROSA-SA-2024-2371

software: firefox 118.0.2 OS: ROSA-CHROME package_evr_string: firefox-118.0.2-1.src.rpm CVE-ID: CVE-2011-0064 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, used in Pango, Firefox, and other products, does not check for successful memory...

Medium: microcode_ctl

Issue Overview: Non-transparent sharing of return predictor targets between contexts in some Intel® Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2023-38575) Protection mechanism failure of bus lock regulator for some Intel® Processors.....

Security Bulletin: Vulnerability in commons-fileupload affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-24998]

Summary The commons-fileupload package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE [CVE-2023-24998] Vulnerability Details ** CVEID: CVE-2023-24998 DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of.....

CVE-2024-27279

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user....

CVE-2024-27279

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user....

Directory traversal

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user....

CVE-2024-27279

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user....

CVE-2024-27121

Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an...

CVE-2024-27121

Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an...

Path traversal

Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an...

CVE-2024-26288 PHOENIX CONTACT: Lack of SSL support in CHARX Series

An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not...

CVE-2024-26288 PHOENIX CONTACT: Lack of SSL support in CHARX Series

An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not...

CVE-2024-26005 PHOENIX CONTACT: Privilege gain through incomplete cleanup in CHARX Series

An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a...

CVE-2024-26004 PHOENIX CONTACT: DoS of a control agent due to access of a uninitialized pointer in CHARX Series

An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging...

CVE-2024-26004 PHOENIX CONTACT: DoS of a control agent due to access of a uninitialized pointer in CHARX Series

An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging...

CVE-2024-26003 PHOENIX CONTACT: DoS of the control agent in CHARX Series

An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging...

CVE-2024-26003 PHOENIX CONTACT: DoS of the control agent in CHARX Series

An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging...

CVE-2024-26002 PHOENIX CONTACT: File ownership manipulation in CHARX Series

An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific...

CVE-2024-26002 PHOENIX CONTACT: File ownership manipulation in CHARX Series

An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific...