Security Bulletin: This Power System update is being released to address CVE-2024-45656

Summary IBM Flexible Service Processor FSP has static credentials which may allow network users to gain service privileges to the FSP. Vulnerability Details CVEID:CVE-2024-45656 DESCRIPTION: IBM Flexible Service Processor FSP has static credentials which may allow network users to gain service...

The vulnerability of the cppc_cpufreq_cpu_init component in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the cppccpufreqcpuinit component in the Linux operating system is related to uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2024-10846

The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...

USN-7225-1: HTMLDOC vulnerabilities

It was discovered that HTMLDOC incorrectly handled memory in the imagesetmask, gitreadlzw, writeheader and writenode functions, which could lead to a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected...

CVE-2024-10929 Spectre-BSE

In certain circumstances, an issue in Arm Cortex-A57, Cortex-A72 revisions before r1p0, Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history...

CVE-2025-21530

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Panel Processor. Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

PT-2025-9007

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel's hrtimers infrastructure allows wakeups to be performed by an outgoing CPU after the CPUHP AP HRTIMERS DYING stage, potentially resulting in bandwidt...

CVE-2024-46921

An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of...

CVE-2024-46920

An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadInputBuffers...

CVE-2024-46919

An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadOutputBuffers...

CVE-2024-46921

An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of...

CVE-2024-48883

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, and Modem 5300. The UE incorrectly handles a malformed uplink scheduling message, resulting in ...

SAMSUNG Mobile Processor 安全漏洞

SAMSUNG Mobile Processor is a family of mobile processors from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile Processor due to a lack of length checking, resulting in a stack out-of-bounds write at loadOutputBuffers...

CVE-2024-46921

An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of...

The vulnerability of AMD Secure Processor’s microprogramming software is related to improper validation of input data, allowing attackers to exploit their privileges.

The vulnerability of AMD Secure Processor ASP microprogramming software relates to improper validation of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVE-2024-46921

The CVE-2024-46921 issue affects Samsung Mobile Processor and Modem lines (Exynos 9820/9825/980/990/1080/2100/1280/2200/1330/1380/1480/2400/9110/W1000 and Modem 5123/5300/5400). The vulnerability is that the UE does not throttle the number of attempts for the 5G SA RRC Setup procedure, which can ...

SAMSUNG Mobile Processor 安全漏洞

SAMSUNG Mobile Processor is a family of mobile processors from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile Processor, which originated when the UE incorrectly processed an incorrectly formatted uplink scheduling message, resulting in the disclosure of UE information...

CVE-2024-48883

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, and Modem 5300. The UE incorrectly handles a malformed uplink scheduling message, resulting in ...

CVE-2024-48883

CVE-2024-48883 affects Samsung Exynos/Modem family (UEs in Samsung Mobile Processor, Wearable Processor, Modem 980–9825, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300). The issue arises from the UE incorrectly handling a malformed uplink...

CVE-2024-46920

The CVE-2024-46920 issue affects Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Root cause: a missing length check causes a stack out-of-bounds write at loadInputBuffers. This has been consistently reported across multiple feeds (NVD/Red Hat/CNNVD) with no explic...