SUSE-SU-2024:4053-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20241112 release bsc1233313 - CVE-2024-21853: Faulty finite state machines FSMs in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially...

The vulnerability of the Intel Alias Checking Trusted Module (Intel ACTM), a microprogramming software component for Intel 4th Generation and 5th Generation processors, allows attackers to exploit it to increase their privileges.

The vulnerability of the Intel Alias Checking Trusted Module Intel ACTM, a microprogramming software component of Intel’s 4th and 5th generation processors, relates to the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow attackers to enhance their...

AZL-53522 CVE-2024-52804 affecting package python-tornado 6.3.3-11

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...

UBUNTU-CVE-2024-52804

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...

IBM Flexible Service Processor Trust Management Issues Vulnerability

The IBM Flexible Service Processor IBM FSP is a series of flexible service processors from International Business Machines IBM. IBM Flexible Service Processor is vulnerable to a trust management issue vulnerability that stems from having static credentials that could allow a network user to gain...

K000148650: Intel processor vulnerabilities CVE-2024-22185 and CVE-2024-24985

Security Advisory Description CVE-2024-22185 Time-of-check Time-of-use Race Condition in some IntelR processors with IntelR ACTM may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2024-24985 Exposure of resource to wrong sphere in some IntelR processor...

MAL-2024-10854 Malicious code in mangadex-archive-torrent-processor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2f61f9f0bddcac27e9556b815f90a7862641325b58347a0d02b6e965fbe86e15 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

DEBIAN-CVE-2024-50281

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation When sealing or unsealing a key blob we currently do not wait for the AEAD cipher operation to finish and simply return after submitting the request. If there is...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a problematic stale CPU state when handling SVE traps...

CVE-2020-3548

A vulnerability in the Transport Layer Security TLS protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service DoS condition. The...

K000148584: Intel Xeon Processor vulnerability CVE-2024-23918

Security Advisory Description Improper conditions check in some IntelR XeonR processor memory controller configurations when using IntelR SGX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2024-23918 Impact There is no impact; F5 products are not...

The vulnerability of the Modbus protocol implementation in Schneider Electric’s programmable logic controllers (PLCs), such as the Modicon M340 CPU BMXP34, Modicon MC80 BMKC80, and Modicon Momentum Unity M1E Processor 171CBU, allows a attacker to execute a “man-in-the-middle” attack.

The vulnerability of the Modbus protocol implementation in Schneider Electric’s programmable logic controllers PLCs such as Modicon M340 CPU BMXP34, Modicon MC80 BMKC80, and Modicon Momentum Unity M1E Processor 171CBU lies in the execution of operations outside the buffer in memory. Exploiting th...

Intel® Xeon® Processor with Intel® SGX Advisory

Summary: Potential security vulnerabilities in some Intel® Xeon® processors using Intel® Software Guard Extensions Intel SGX may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2024-23918 Description...

UBUNTU-CVE-2024-23918

Improper conditions check in some IntelR XeonR processor memory controller configurations when using IntelR SGX may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2024-21820

Incorrect default permissions in some IntelR XeonR processor memory controller configurations when using IntelR SGX may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2024-9413

The transportmessagehandler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor AP to cause a buffer overflow in System Control Processor SCP firmware...

The vulnerability of Linux operating system’s DRM/AMDGPU cores allows a hacker to trigger a service failure.

The vulnerability of DRM/AMDGPU cores in the Linux operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow a perpetrator to cause service failures...

Intel® Xeon® Processor Advisory

Summary: A potential security vulnerability in some 4th and 5th Generation Intel® Xeon® Processors may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-21853 Description: Improper Finite State Machines...

Siemens SIMATIC CP 1543-1 Authorization Error Vulnerability

SIMATIC CP 1543-1 communication processors connect SIMATIC S7-1500 controllers to Ethernet networks. They provide integrated security features such as firewalls, virtual private networks VPNs, and support other protocols with data encryption. An authorization error vulnerability exists in the...

kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R)

A vulnerability was found in the Intel Xeon Processor's microcode. This issue may allow a malicious actor to achieve local privilege escalation when using Intel SGX or Intel TDX features...