Is secure boot on the main application processor enough?
TL;DR Secure boot ensures only authentic firmware can run on a device and should form part of a layered defence strategy. Sub-systems often lack secure boot capabilities, limiting protection for non-critical processors. Focus on secure boot for the main processor; it can provide adequate security...
PT-2024-35145 · Tenda · Tenda Ac6V2
Name of the Vulnerable Software and Affected Versions: Tenda AC6V2 versions through 15.03.06.50 Description: The issue is a Stack-based Buffer Overflow vulnerability in the WizardHandle modules of Tenda AC6V2, allowing buffer overflows. Recommendations: For versions through 15.03.06.50, consider...
The vulnerability of MELSEC iQ-F Ethernet module software and EtherNet/IP modules arises from the improper validation of certain input types, allowing attackers to trigger malfunctions during maintenance operations.
The vulnerability of MELSEC iQ-F Ethernet module software and EtherNet/IP modules is related to improper validation of specified types of input data. Exploiting this vulnerability can allow an attacker to trigger a service failure by sending specially crafted SLMP packets...
[SECURITY] Fedora 41 Update: pam-1.6.1-7.fc41
PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...
NodeMCU security vulnerability
NodeMCU is a Lua-based open source firmware from NodeMCU Open Source. A security vulnerability exists in NodeMCU version v3.0.0-release20240225, stemming from an integer overflow in the getnum function in /modules/struct.c...
CVE-2024-36671
NodeMCU firmware is affected by CVE-2024-36671 due to an integer overflow in the getnum function located at /modules/struct.c, before version 3.0.0-release_20240225. The vulnerability is tied to the NodeMCU v3.x history as described in multiple sources; the issue arises from arithmetic overflow i...
PT-2024-27115 · Nodemcu · Nodemcu
Name of the Vulnerable Software and Affected Versions: nodemcu versions prior to 3.0.0-release 20240225 Description: The issue is related to an integer overflow in the getnum function located at /modules/struct.c. This overflow can be exploited, potentially leading to unintended behavior. No...
zhmc-ansible-modules security vulnerability
zhmc-ansible-modules is an Ansible collection for IBM Z HMC, open sourced by zhmcclient. A security vulnerability exists in zhmc-ansible-modules: under certain circumstances, ibm.ibmzhmc writes password-like attributes in plaintext to its log files and to the output...
[SECURITY] Fedora 41 Update: perl-Module-ScanDeps-1.37-1.fc41
This module scans potential modules used by perl programs and returns a hash reference. Its keys are the module names as they appear in %INC e.g. Test/More.pm. The values are hash references...
io.github.openfeign.querydsl:querydsl-collections (>=5.0.1 <=5.6), io.github.openfeign.querydsl:querydsl-hibernate-search (>=5.0.1 <=5.6) +6 more potentially affected by CVE-2024-49203 via io.github.openfeign.querydsl:querydsl-apt (>=5.0.1 <=5.6)
io.github.openfeign.querydsl:querydsl-apt MAVEN version =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.0.1, =5.6 Source cves: CVE-2024-49203 Source advisory: OSV:GHSA-6Q3Q-6V5J-H6VG...
CVE-2024-53100
CVE-2024-53100: Linux kernel nvme-tcp fix for a race between queue_lock usage in nvme_tcp_get_address() and destruction in nvme_tcp_free_queue(). The commit 76d54bf20cdc adds a mutex_lock for queue->queue_lock, but this can race with mutex_destroy(), triggering a WARN during error recovery. A ...
Important: Red Hat Security Advisory: pam:1.5.1 security update
An update for the pam:1.5.1 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: pam security update
An update for pam is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
Important: pam:1.5.1 security update
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs that handle authentication. Security Fixes: pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass (CVE-2024-10963). For more details about the...
Astra Linux – Vulnerability in needrestart
Qualys discovered that, before version 3.8, needrestart passed unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please refer to the related CVE-2024-10224 in Modules::ScanDeps...
SUSE CVE-2024-11003
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...
What's new in Spring Modulith 1.3?
After half a year of development, Spring Modulith 1.3 GA has been released. It is packed with new features, improvements, and – best of all – community contributions. Let me walk you through some of the most interesting ones. Baseline Upgrades As usual, a new minor version of Spring Modulith...
DEBIAN-CVE-2024-11003
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...
ALPINE-CVE-2024-10224
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps before version 1.36, a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval...
CVE-2024-11003
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...