42 matches found
EUVD-2018-12571
Malware in sbrugna...
EUVD-2022-27520
Malicious code in bioql PyPI...
EUVD-2022-54532
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-49703
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store vhost pointer during subcrq allocation Currently the back pointer from a...
CVE-2022-49703
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store vhost pointer during subcrq allocation Currently the back pointer from a queue to the vhost adapter isn't set until after subcrq interrupt registration. The value is available when a queue is first allocated a...
CVE-2022-49703 scsi: ibmvfc: Store vhost pointer during subcrq allocation
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store vhost pointer during subcrq allocation Currently the back pointer from a queue to the vhost adapter isn't set until after subcrq interrupt registration. The value is available when a queue is first allocated a...
CVE-2022-49703
The CVE-2022-49703 issue affects the Linux kernel ibmvfc driver: the back pointer from a SCSI queue to the vhost adapter was not set during subcrq allocation, which could allow a stale backpointer to be dereferenced during IRQ handling. This could cause a kernel NULL pointer d...
CVE-2022-49703 scsi: ibmvfc: Store vhost pointer during subcrq allocation
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store vhost pointer during subcrq allocation Currently the back pointer from a queue to the vhost adapter isn't set until after subcrq interrupt registration. The value is available when a queue is first allocated a...
Security Bulletin: This Power System update is being released to address CVE-2022-4304
Summary The OpenSSL RSA Decryption timing-based side channel attack affects BMC's HTTPS and SSH connections. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...
Security Bulletin: This Power System update is being released to address CVE-2022-4450
Summary This affects the BMC administrator function to upload HTTPS certificates. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the improper handling of specific PEM data by the PEM_read_bio_ex function. ...
Security Bulletin: This Power System update is being released to address CVE-2023-33851
Summary A vulnerability was identified where sensitive partition data may be accessible to a system administrator. Vulnerability Details CVEID:CVE-2023-33851 DESCRIPTION: IBM PowerVM Hypervisor could reveal sensitive partition data to a system administrator. CVSS Base score: 5.3 CVSS Temporal Scor...
Security Bulletin: This Power System update is being released to address CVE-2023-25683
Summary The PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the HMC Vulnerability Details CVEID:CVE-2023-25683 DESCRIPTION: IBM PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the...
Security Bulletin: This Power System update is being released to address multiple CVEs for vTPM1.2
Summary This update addresses multiple CVEs that impact any VM configured with a virtual trusted platform module vTPM version 1.2 Vulnerability Details CVEID:CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive...
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: heap overflow in nft_set_elem_init CVE-2022-34918 kernel: vulnerability of buffer overflow in nft_set_desc_concat_parse CVE-2022-2078 For more details about the security issues, including the...
ALSA-2022:6610 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: heap overflow in nft_set_elem_init CVE-2022-34918 kernel: vulnerability of buffer overflow in nft_set_desc_concat_parse CVE-2022-2078 For more details about the security issues, including the...
Security Bulletin: An attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware.
Summary PowerVM partition firmware is the portion that executes in each partition during boot. On POWER9 systems an attacker that gains service access to the FSP can compromise partition firmware for any partition configured on the system. On all affected systems an attacker that gains admin...
Security Bulletin: Vulnerability in OpenSSL (CVE-2022-0778) affects PowerVM
Summary OpenSSL is used by PowerVM to support encrypted Logical Partition Mobility. This bulletin provides a remediation for the impacted vulnerability, CVE-2022-0778 by upgrading PowerVM and thus addressing the exposure to the openssl vulnerability. Vulnerability Details CVEID: CVE-2022-0778...
CVE-2022-22374
The BMC IBM Power 9 AC922 OP910, OP920, OP930, and OP940 may be subject to a firmware downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442...
Buffer overflow
The BMC IBM Power 9 AC922 OP910, OP920, OP930, and OP940 may be subject to a firmware downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442...
CVE-2022-22374
The CVE-2022-22374 entry concerns the BMC firmware on IBM Power System AC922 servers (OP910/OP920/OP930/OP940). The issue is a firmware downgrade attack that may affect the host’s ability to operate. Public details indicate no Power System firmware update is released specifically for this CVE; re...