Epyc™ Processors Security Vulnerabilities

AMD Embedded Processors Vulnerabilities – February 2024

Bulletin ID: AMD-SB-5001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization (PI) firmware packages....

Intel® Optane™ PMem Management Software Advisory

Summary: Potential security vulnerabilities in some Intel® Optane™ Persistent Memory (PMem) management software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-22311 Description: Improper...

SEV-SNP Firmware Vulnerabilities

Bulletin ID: AMD-SB-3007 Potential Impact:Data leakage (CVE-2023-31346) and loss of integrity (CVE-2023-31347) Severity:Refer to the CVE Details section Summary This bulletin addresses two SEV firmware vulnerabilities reported by an external researcher. Refer to the CVE Details section below. CVE.....

Intel® PROSet/Wireless and Intel® KillerTM Wi-Fi Software Advisory

Summary: Potential security vulnerabilities in some Intel® PROSet/Wireless and Intel® Killer™ Wi-Fi software may allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details:...

Intel® oneAPI Software Installers Advisory

Summary: Potential security vulnerabilities in some Intel® oneAPI Toolkit and component software installers may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-32618 Description: Uncontrolled...

Intel® ThunderboltTM DCH Drivers for Windows Advisory

Summary: Potential security vulnerabilities in some Intel® Thunderbolt™ Declarative Componentized Hardware (DCH) drivers for Windows may allow escalation of privilege, denial of service, and/or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.....

Intel® Server OpenBMC Firmware Advisory

Summary: Potential security vulnerabilities in some Intel® OpenBMC firmware may allow escalation of privilege and information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-32280 Description: Insufficiently...

CVE-2024-24814

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable.....

Intel® Unison™ Software Advisory

Summary: Potential security vulnerabilities in some Intel® Unison™ software may allow denial of service or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-2804(Non-Intel issued) Description: Improper...

AMD Processor Vulnerabilities

Bulletin ID: AMD-SB-7009 Potential Impact: Refer to the CVE Details section Severity: Refer to the CVE Details section Summary Researchers disclosed multiple potential vulnerabilities that may impact some AMD processors. AMD has assessed the researchers’ findings and is publishing CVEs and...

AMD UltraScale™/UltraScale+™ FPGA Series RSA Authentication

Bulletin ID: AMD-SB-8002 Potential Impact: Information Integrity Severity: Refer to the Summary section for details Summary Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. CVE| Severity| CVE...

Intel® Thunderbolt™ Controller Advisory

Summary: A potential security vulnerability in some Intel® Thunderbolt™ Controllers may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28396 Description: Improper access control in firmware for some...

Ubuntu: Security Advisory (USN-6628-1)

The remote host is missing an update for...

Unbreakable Enterprise kernel security update

[4.14.35-2047.533.3] - net: rfkill: gpio: set GPIO direction (Rouven Czerwinski) - sched/fair: Fix tg->load when offlining a CPU (Vincent Guittot) [Orabug: 36185208] - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (Mark Zhang) [Orabug: 36143229] - sched/rt:...

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2024 Critical Patch Update, plus CVE-2023-33850. For more information please refer to Oracle's January 2024 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details **....

Security Bulletin: Vulnerabilities in Axios, Node.js, VMWare tools, and Linux Kernel might affect IBM Storage Defender – Data Protect.

Summary IBM Storage Defender – Data Protect is vulnerable and that can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The...

linux-intel-iotg vulnerabilities

Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32250, CVE-2023-32252,...

Updated microcode fixes bugs and a security vulnerability

The updated package contains microcode updates for Intel and AMD CPUs, including a fix for a security vulnerability: Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1144)

The remote host is missing an update for the Huawei...

Mageia: Security Advisory (MGASA-2024-0028)

The remote host is missing an update for...

Linux kernel (Intel IoTG) vulnerabilities

Releases Ubuntu 22.04 LTS Packages linux-intel-iotg - Linux kernel for Intel IoT platforms Details Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of...

linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15 vulnerabilities

Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-32250, CVE-2023-32252,...

Security Bulletin: NVIDIA DGX Station A100 and DGX Station A800 - February 2024

NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems. To protect your system, download and install this firmware update through the NVIDIA Enterprise Support Portal. Go to NVIDIA Product Security. Details This section provides a summary of...

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-gcp-5.15 - Linux...

Ubuntu: Security Advisory (USN-6626-1)

The remote host is missing an update for...

EulerOS 2.0 SP5 : kernel (EulerOS-SA-2024-1144)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined...

Ubuntu: Security Advisory (USN-6624-1)

The remote host is missing an update for...

linux, linux-aws, linux-gcp, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-raspi, linux-starfive vulnerabilities

Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service (paravirtualized device unavailability). (CVE-2023-34324) Zheng Wang...

Announcing TotalCloud™ 2.0 with TruRisk™ Insights: The Future of Cloud and SaaS Security

Rapid cloud and SaaS adoption is driving digital transformation that's reshaping business agility and scalability, making cloud and SaaS security more critical than ever. Recognizing this shift, in November 2022, Qualys launched TotalCloud – an AI-powered cloud-native application protection...

Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot...

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

Linux kernel vulnerabilities

Releases Ubuntu 23.10 Ubuntu 22.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-hwe-6.5 - Linux hardware enablement (HWE) kernel linux-laptop - Linux kernel for Lenovo...

CVE-2024-22388

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration...

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a denial of service and integrity impact due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to a remote attacker causing a denial of service (CVE-2023-22081 and CVE-2023-5676) and an integrity impact (CVE-2023-22067) as described in the vulnerability details section. This bulletin...

Security Bulletin: IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and VPN Module affected by multiple vulnerabilities

Summary Vulnerabilities contained within Open VPN (a 3rd party component) and Open SSL were addressed in the IBM MaaS360 Cloud Extender Agent and VPN Modules. Vulnerabilities contained within Eclipse Jetty and Netty (a 3rd party component) were addressed in the IBM MaaS360 Mobile Enterprise...

HID Global Encoders

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable locally Vendor: HID Global Equipment: iCLASS SE, OMNIKEY Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read data from reader configuration cards...

HID Global Reader Configuration Cards

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: HID Global Equipment: Reader Configuration Cards Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read the credential and device...

How a $10B Enterprise Customer Drastically Increased their SaaS Security Posture with 201% ROI by Using SSPM

SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration –....

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data has migrated to a new base image for the Operators used by our Speech Services. The following vulnerabilities...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OpenSSL vulnerabilities (USN-6622-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6622-1 advisory. Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very...

GLSA-202402-07 : Xen: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202402-07 (Xen: Multiple Vulnerabilities) grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs and we recommend updating to the latest version to...

K000138452 : Intel CPU BIOS vulnerabilities CVE-2023-25756 and CVE-2023-22329

Security Advisory Description CVE-2023-25756 Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access. CVE-2023-22329 Improper input validation in the BIOS firmware for some Intel(R)...

Post-quantum Cryptography for the Go Ecosystem

filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM (formerly known as Kyber, renamed because we can't have nice things) is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...

Wiz recognized with top score for the current offering category in The Forrester Wave™: Cloud Workload Security, Q1, 2024

Learn why Forrester recognized Wiz as the top ranked in the current offering category on the market out of the top 13 providers, and how their analysis connects with the Wiz...

Kafka vs RabbitMQ

An Intro to Kafka and RabbitMQ: The Masters of Messaging In the realm of messaging systems, two names stand out: Kafka and RabbitMQ. These two powerhouses have become the go-to solutions for developers and organizations looking to handle high-volume, real-time data processing and messaging. But...

Ubuntu: Security Advisory (USN-6604-2)

The remote host is missing an update for...

Ubuntu 16.04 ESM / 18.04 ESM : Linux kernel (Azure) vulnerabilities (USN-6604-2)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6604-2 advisory. A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a...

linux-azure, linux-azure-4.15 vulnerabilities

It was discovered that the ASUS HID driver in the Linux kernel did not properly handle device removal, leading to a use-after-free vulnerability. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (system crash). (CVE-2023-1079) Jana...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition 8.5.0 (CVE-2016-3449, CVE-2016-0264)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details If you run your own Java code using the IBM Java Runtime...