CVE-2024-50093

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: int340x: processor: Fix warning during module unload The processorthermal driver uses pcimdeviceenable to enable a PCI device, which means the device will be automatically disabled on driver detach. Thus there is ...

CVE-2024-50093 thermal: intel: int340x: processor: Fix warning during module unload

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: int340x: processor: Fix warning during module unload The processorthermal driver uses pcimdeviceenable to enable a PCI device, which means the device will be automatically disabled on driver detach. Thus there is ...

CVE-2024-50093

Summary: CVE-2024-50093 relates to the Linux kernel where the processor_thermal/intel int340x driver emitted a warning during module unload due to an unnecessary second pci_disable_device() call after enabling a PCI device with pcim_device_enable(). The connected Astra Linux and Debian Debian-LTS...

CVE-2024-50093 thermal: intel: int340x: processor: Fix warning during module unload

In the Linux kernel, the following vulnerability has been resolved: thermal: intel: int340x: processor: Fix warning during module unload The processorthermal driver uses pcimdeviceenable to enable a PCI device, which means the device will be automatically disabled on driver detach. Thus there is ...

spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression

A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...

ABB Cylon Aspect 3.08.00 Off-By-One

ABB Cylon Aspect 3.08.00 logMix/YumLookup.php Off-by-One Error in Log Parsing Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy...

OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

CVE-2024-45185

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300. There is an out-of-bounds write due to a heap overflow in the GPRS protocol...

CVE-2024-45185

CVE-2024-45185 affects Samsung Exynos family: Samsung Mobile Processor, Wearable Processor, and Modem Exynos devices. Root cause is a heap overflow in the GPRS protocol leading to an out-of-bounds write. Affected versions include Samsung Mobile Processor, Wearable Processor, and Modem Exynos vers...

ABB Cylon Aspect 3.08.01 File Upload MD5 Checksum Bypass

ABB Cylon Aspect 3.08.01 badassMode File Upload MD5 Checksum Bypass Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy managemen...

Important: microcode_ctl

Issue Overview: Incorrect default permissions in some IntelR XeonR processor memory controller configurations when using IntelR SGX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2024-21820 Improper finite state machines FSMs in the hardware logic ...

Important: microcode_ctl

Issue Overview: Incorrect default permissions in some IntelR XeonR processor memory controller configurations when using IntelR SGX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2024-21820 Improper conditions check in some IntelR XeonR processor...

Amazon Linux AMI : microcode_ctl (ALAS-2024-1950)

The version of microcodectl installed on the remote host is prior to 2.1-47.44. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1950 advisory. 2024-12-05: CVE-2024-21820 was added to this advisory. 2024-12-05: CVE-2024-23918 was added to this advisory...

PT-2024-35642

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue arises from the improper use of userspace irqchip in use in the Linux kernel, specifically in the KVM arm64 component. This leads to a WARN ON in kvm timer update irq. The...

CLSA-2024-1730299036 Update of microcode_ctl

Update Intel CPU microcode to 20240910: - Addition of cpuid:806F8/0x10 SPR-HBM B3 microcode in microcode.dat at revision 0x2c000390; - Addition of cpuid:806F8/0x87 SPR-SP E5/S3 microcode in microcode.dat at revision 0x2b0005c0; - Addition of cpuid:90672/0x07 ADL-HX/S 8+8 C0 microcode in...

hw: cpu: intel: Native Branch History Injection (BHI)

A flaw was found in some Intel CPUs where mitigations for the Spectre V2/BHI vulnerability were incomplete. This issue may allow an attacker to read arbitrary memory, compromising system integrity and exposing sensitive information...

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Servlet Inclusion Authentication Bypass

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller is vulnerable to remote, arbitrary servlet...

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Project Download

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Project Download Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

ABB Cylon Aspect 3.08.01 jsonProxy.php Cross Site Scripting

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Reflected XSS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy manageme...

ABB Cylon Aspect 3.08.01 (jsonProxy.php) Unauthenticated Project Download

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The jsonProxy.php endpoint on the ABB BMS/BAS controller is vulnerabl...