DEBIAN-CVE-2024-43890

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix overflow in getfreeelt "tracingmap-nextelt" in getfreeelt is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracingmap even though the maximum number of elements maxelts has be...

cifar-10-model (=7.4.0), clip-jax (>=0.0.1 <=0.0.4) +9 more potentially affected by CVE-2023-33976 via tensorflow-cpu (>=1.15.0 <=2.11.1)

tensorflow-cpu PYPI version =1.15.0, =0.0.1, =0.2.3, =0.0.5, =1.0.0, =1.8.2, =0.1.3, =0.3.0.dev221212, =0.7.0, =0.7.5 Source cves: CVE-2023-33976 Source advisory: OSV:GHSA-GJH7-XX4R-X345...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in the cpufreq:amd-pstate component during CPU EPP exit...

CLSA-2024-1719568839 Update of linux-firmware

Update AMD CPU microcode to 2024-01-16: - Update AMD CPU microcode for processor family 19h: sig 0x00a00f11, sig 0x00a00f12;...

DEBIAN-CVE-2021-47513

In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: Fix memory leak in felixsetupmmiofiltering Avoid a memory leak if there is not a CPU port defined. Addresses-Coverity-ID: 1492897 "Resource leak" Addresses-Coverity-ID: 1492899 "Resource leak"...

kernel: intel: Fix NULL pointer dereference issue in upi_fill_topology()

A vulnerability was discovered in the Linux kernel in which certain CPU topologies could result in a null pointer dereference, affecting system stability...

DEBIAN-CVE-2024-2193

A Speculative Race Condition SRC vulnerability that impacts modern CPU architectures supporting speculative execution related to Spectre V1 has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the...

PT-2023-7608 · Siemens · Simatic S7-1500 Cpu Family

Name of the Vulnerable Software and Affected Versions: Siemens SIMATIC S7-1500 CPU Family affected versions not specified Description: The issue is related to a use-after-free vulnerability in the software of programmable logic controllers. This could allow a remote attacker to cause a denial of...

PT-2024-12473 · Amd +2 · Amd Cpus +2

Name of the Vulnerable Software and Affected Versions: AMD CPUs affected versions not specified Description: The issue affects AMD CPUs with extensions to normal x86 debugging functions, introduced in CPUs since around 2014. Recommendations: At the moment, there is no information about a newer...

hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch

A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches...

Supermicro X11 安全漏洞

The Supermicro X11 is a server motherboard from Supermicro. A security vulnerability exists in the Supermicro X11SSL-CF HW Rev 1.01, BMC firmware version 1.63, which stems from the BMC having an internal IC bus that causes the voltage to vary outside of the CPU's specified operating range, thus...

UBUNTU-CVE-2022-36021

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

SUSE CVE-2022-26363

x86 pv: Insufficient care with non-coherent mappings This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to...

PT-2022-12204 · Siemens · Simatic Drive Controller Cpu 1504D Tf +73

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue concerns the processing of specially crafted packets sent to port 102/tcp. This could potentially allow an attacker to cause a denial of service in the affected devices...

clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by CVE-2022-41898 via tensorflow-cpu (>=2.9.0 <=2.9.1)

tensorflow-cpu PYPI version =2.9.0, =1.1.0, =1.6.1 Source cves: CVE-2022-41898 Source advisory: OSV:GHSA-HQ7G-WWWP-Q46H...

hw: cpu: AMD: Branch Type Confusion (non-retbleed)

A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure...

hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)

A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to enable information disclosure via local access...

clip-jax (=0.0.5) potentially affected by CVE-2022-35983 via tensorflow-cpu (=2.9.0)

tensorflow-cpu PYPI version =2.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - clip-jax =0.0.5 Source cves: CVE-2022-35983 Source advisory: OSV:GHSA-M6VP-8Q9J-WHX4...

GHSA-V62J-CXHH-FQ22 graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources

graphql-java before 19.0, 18.3, and 17.4 is vulnerable to Denial of Service. An attacker send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0, 18.3, and 17.4...

PT-2022-6750

Name of the Vulnerable Software and Affected Versions Python versions prior to 3.11.1 Python versions prior to 3.10.9 Python versions prior to 3.9.16 Python versions prior to 3.8.16 Python versions prior to 3.7.16 Description An issue exists in the IDNA RFC 3490 decoder, where an unnecessary...