25 matches found

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2017-12855

Malicious code in bioql PyPI...

5.9 CVSS, 6.2 AI score, 0.15507 EPSS
Exploits 1, References 33
CVE
added 2024/09/27 12:39 p.m., 116 views

CVE-2024-46848

CVE-2024-46848 affects the Linux kernel perf/x86/intel Haswell frequency-estimation path. The issue stems from a too-short initial period (1) triggering HW errata HSW11/HSW143; fixes enforce a minimum period (128 for INST_RETIRED.ALL and 32 for other counters) and adjust the frequency-estimation ...

5.5 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 4, References 5, Affected Software 1
RedHat Linux
added 2021/11/09 5:26 p.m., 3 views

kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c

A flaw was found in the Linux kernel. On some Haswell CPUs, userspace applications such as perf-fuzzer can cause a system crash because the PEBS status in a PEBS record is mishandled...

5.5 CVSS, 6.7 AI score, 0.00093 EPSS
Exploits 0, References 4
Mageia
added 2021/01/20 10:45 p.m., 55 views

Updated kernel packages fix security vulnerability

This kernel update is based on upstream 5.10.8 and fixes at least the following security issue: SCSI “EXTENDED COPY” XCOPY requests sent to a Linux SCSI target LIO allow an attacker to read or write anywhere on any LIO backstore configured on the host, provided the attacker has access to one LUN...

8.1 CVSS, 1 AI score, 0.00305 EPSS
Exploits 0, References 4
RedhatCVE
added 2019/10/08 10:39 p.m., 59 views

CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

7.5 CVSS, 2.4 AI score, 0.27588 EPSS
Exploits 1, References 2
IBM Security Bulletins
added 2019/09/17 3:32 p.m., 56 views

Security Bulletin: IBM Security Privileged Identity Manager has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown.

Summary IBM has released the following fixpack for IBM Security Privileged Identity Manager in response to CVE-2017-5753 and CVE-2017-5754 Vulnerability Details CVEID: CVE-2017-5753 DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex A57 CPUs could allow a local authenticated attacker to...

5.6 CVSS, 0.8 AI score, 0.9427 EPSS
Exploits 12, Affected Software 1
Tenable Nessus
added 2019/05/14 12:0 a.m., 253 views

EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigat...

7.5 CVSS, 7.2 AI score, 0.91945 EPSS
Exploits 13, References 21
IBM Security Bulletins
added 2018/12/19 8:45 p.m., 45 views

Security Bulletin: IBM Security Guardium is affected by a Using Components (microcode_ctl) with Known Vulnerabilities vulnerability

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-5715 DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex A57 CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a branch target injection in...

5.6 CVSS, 0.6 AI score, 0.88597 EPSS
Exploits 8, Affected Software 1
Xen Project
added 2018/11/20 12:0 p.m., 469 views

x86: DoS from attempting to use INVPCID with a non-canonical addresses

ISSUE DESCRIPTION The INVPCID instruction raises GP0 if an attempt is made to invalidate a non-canonical address. Older flushing mechanisms such as INVLPG tolerate this without error, and perform no action. There is one guest accessible path in Xen where a non-canonical address was passed into th...

5.6 CVSS, 0.8 AI score, 0.89689 EPSS
Exploits 3, Affected Software 1
IBM Security Bulletins
added 2018/08/08 4:13 a.m., 46 views

Security Bulletin: IBM Cloud Manager is affected by the vulnerabilities known as Spectre and Meltdown

Summary IBM Cloud Manager is affected by security vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details CVEID:...

5.6 CVSS, 6.4 AI score, 0.9427 EPSS
Exploits 12, Affected Software 1
IBM Security Bulletins
added 2018/07/27 12:21 p.m., 63 views

Security Bulletin: IBM Security Identity Governance and Intelligence has released a fixpack in response to the vulnerabilities known as Spectre and Meltdown

Summary IBM has released the following fixpack for IBM Security Identity Governance and Intelligence in response to CVE-2017-5753 and CVE-2017-5754 Vulnerability Details CVEID: CVE-2017-5753 DESCRIPTION: Intel Haswell Xeon, AMD PRO and ARM Cortex A57 CPUs could allow a local authenticated attacke...

5.6 CVSS, 0.7 AI score, 0.9427 EPSS
Exploits 12, Affected Software 1
IBM Security Bulletins
added 2018/06/16 2:18 p.m., 77 views

Security Bulletin: IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown.

Summary IBM Information Server on Cloud is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details...

5.6 CVSS, 0.7 AI score, 0.9427 EPSS
Exploits 12, Affected Software 1
IBM Security Bulletins
added 2018/06/16 2:18 p.m., 35 views

Security Bulletin: IBM Netezza Host Management is affected by the vulnerabilities known as Spectre and Meltdown.

Summary IBM Netezza Host Management is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass conventional memory security restrictions to gain access to privileged memory that should be inaccessible. Vulnerability Details CVEI...

5.6 CVSS, 0.5 AI score, 0.9427 EPSS
Exploits 10, Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:8 a.m., 40 views

Security Bulletin: IBM Aspera Platform On Demand, IBM Aspera Server On Demand, IBM Aspera Faspex On Demand, IBM Aspera Shares On Demand, IBM Aspera Transfer Cluster Manager is affected by the vulnerabilities known as Spectre and Meltdown.

Summary IBM Aspera Platform On Demand, IBM Aspera Server On Demand, IBM Aspera Faspex On Demand, IBM Aspera Shares On Demand, IBM Aspera Transfer Cluster Manager is affected by the vulnerabilities known as Spectre and Meltdown, which can enable CPU data cache timing to be abused to bypass...

5.6 CVSS, 0.8 AI score, 0.9427 EPSS
Exploits 12, Affected Software 1
Tenable Nessus
added 2018/05/11 12:0 a.m., 133 views

Amazon Linux AMI : openssl (ALAS-2018-1016)

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

6.5 CVSS, 6.9 AI score, 0.42931 EPSS
Exploits 2, References 4
Amazon
added 2018/05/10 12:0 a.m., 81 views

Medium: openssl

Issue Overview: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believe...

7.5 CVSS, 7.1 AI score, 0.42931 EPSS
Exploits 2
Tenable Nessus
added 2018/03/28 12:0 a.m., 28 views

FreeBSD : OpenSSL -- multiple vulnerabilities (b7cff5a9-31cc-11e8-8f07-b499baebfeaf)

The OpenSSL project reports : - Constructed ASN.1 types with a recursive definition could exceed the stack CVE-2018-0739 Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could...

6.5 CVSS, 6.2 AI score, 0.15507 EPSS
Exploits 1, References 4
FreeBSD
added 2018/03/27 12:0 a.m., 36 views

OpenSSL -- multiple vulnerabilities

The OpenSSL project reports: Constructed ASN.1 types with a recursive definition could exceed the stack CVE-2018-0739 Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could resu...

6.5 CVSS, 7.2 AI score, 0.15507 EPSS
Exploits 1, References 1
Tenable Nessus
added 2017/12/18 12:0 a.m., 59 views

openSUSE Security Update : openssl (openSUSE-2017-1381)

This update for openssl fixes the following issues : - OpenSSL Security Advisory 07 Dec 2017 - CVE-2017-3737: OpenSSL 1.0.2 starting from version 1.0.2b introduced an 'error state' mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error...

7.5 CVSS, 6.8 AI score, 0.42931 EPSS
Exploits 2, References 8
Tenable Nessus
added 2017/12/15 12:0 a.m., 111 views

OpenSSL 1.1.0 < 1.1.0h Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.0h. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0h advisory. - Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given maliciou...

6.5 CVSS, 6.7 AI score, 0.15507 EPSS
Exploits 1, References 11