CVE-2024-50017 x86/mm/ident_map: Use gbpages only where full GB page should be mapped.

In the Linux kernel, the following vulnerability has been resolved: x86/mm/identmap: Use gbpages only where full GB page should be mapped. When identpudinit uses only GB pages to create identity maps, large ranges of addresses not actually requested can be included in the resulting table; a 4K...

CVE-2024-50017

CVE-2024-50017 affects the Linux kernel’s identity-mapping code (x86/mm/ident_map). When ident_pud_init() creates identity maps using only GB pages, it can map large address ranges not requested (a 4K request could yield a full 1GB mapping), potentially including BIOS-reserved areas. This enables...

UBUNTU-CVE-2024-49976

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Drop interfacelock in stopkthread stopkthread is the offline callback for "trace/osnoise:online", since commit 5bfbcd1ee57b "tracing/timerlat: Add interfacelock around clearing of kthread in stopkthread", the...

CLSA-2024-1729514415 linux-firmware: Fix of CVE-2023-31315

Update AMD CPU microcode for processor family 0x19: cpuid:0x00A00F10ver:0x0A00107A, cpuid:0x00A10F12ver:0x0A101248, cpuid:0x00AA0F02ver:0x0AA00215, cpuid:0x00A00F12ver:0x0A001238, cpuid:0x00A10F11ver:0x0A101148, cpuid:0x00A00F11ver:0x0A0011D5; - Update AMD CPU microcode for processor family 0x17:...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a reference counting problem in the CPU nodes of the cpufreq subsystem...

ABB Cylon Aspect 3.08.01 databaseFileDelete.php Command Injection

ABB Cylon Aspect 3.08.01 databaseFileDelete.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy...

kernel: mlxsw: spectrum: Protect driver from buggy firmware

A vulnerability was found in the Linux kernel's mlxsw spectrum driver, where processing port up/down events leads to a NULL pointer dereference. This issue occurs when the driver fails to handle events for the CPU port, which exists but lacks a corresponding network device, resulting in system...

ALSA-2024:8162 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Local information disclosure on IntelR AtomR processors CVE-2023-28746 kernel: netfilter: nftflowoffload: reset dst in route object after setting up flow CVE-2024-27403 kernel: Revert...

CLSA-2024-1729015920 linux-firmware: Fix of CVE-2023-31315

Update AMD CPU microcode for processor family 0x19: cpuid:0x00A00F10ver:0x0A00107A, cpuid:0x00A10F12ver:0x0A101248, cpuid:0x00AA0F02ver:0x0AA00215, cpuid:0x00A00F12ver:0x0A001238, cpuid:0x00A10F11ver:0x0A101148, cpuid:0x00A00F11ver:0x0A0011D5; - Update AMD CPU microcode for processor family 0x17:...

ABB Cylon Aspect 3.08.00 yumSettings.php Command Injection

ABB Cylon Aspect 3.08.00 yumSettings.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management and...

OESA-2024-2243 fop security update

FOP Formatting Objects Processor is a print formatter driven by XSL formatting objects XSL-FO and an output independent formatter. It is a Java application that reads a formatting object FO tree and renders the resulting pages to a specified output. Output formats currently supported include PDF,...

Znuny 安全漏洞

Znuny is a work order system from Znuny, Inc. A security vulnerability exists in Znuny versions 6.5.1 through 6.5.10, 7.0.1 through 7.0.16, and 6.0 that originates from a denial-of-service/redo attack that allows parsing of email content via email can result in high CPU usage and block the parsin...

ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vulnerability

ABB Cylon Aspect version 3.07.02 uses a weak set of default administrative credentials that can be guessed in remote password attacks and used to gain full control of the system. ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb...

ABB Cylon Aspect 3.07.02 user.properties Default Credentials

ABB Cylon Aspect 3.07.02 user.properties Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building energy management and...

ABB Cylon Aspect 3.07.02 sshUpdate.php Unauthenticated Remote SSH Service Control Vulnerability

ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper...

CLSA-2024-1728581726 linux-firmware: Fix of CVE-2023-31315

Update AMD CPU microcode for processor family 0x19: cpuid:0x00A00F10ver:0x0A00107A, cpuid:0x00A10F12ver:0x0A101248, cpuid:0x00AA0F02ver:0x0AA00215, cpuid:0x00A00F12ver:0x0A001238, cpuid:0x00A10F11ver:0x0A101148, cpuid:0x00A00F11ver:0x0A0011D5; - Update AMD CPU microcode for processor family 0x17:...

CLSA-2024-1728581276 linux-firmware: Fix of CVE-2023-31315

Update AMD CPU microcode for processor family 0x19: cpuid:0x00A00F10ver:0x0A00107A, cpuid:0x00A10F12ver:0x0A101248, cpuid:0x00AA0F02ver:0x0AA00215, cpuid:0x00A00F12ver:0x0A001238, cpuid:0x00A10F11ver:0x0A101148, cpuid:0x00A00F11ver:0x0A0011D5; - Update AMD CPU microcode for processor family 0x17:...

CLSA-2024-1728579854 microcode_ctl: Fix of CVE-2023-31315

Update Intel CPU microcode to 20240813: - Addition of cpuid:806F8/0x10 SPR-HBM B3 microcode in microcode.dat at revision 0x2c000390; - Addition of cpuid:806F8/0x87 SPR-SP E5/S3 microcode in microcode.dat at revision 0x2b0005c0; - Addition of cpuid:90672/0x07 ADL-HX/S 8+8 C0 microcode in...

The vulnerability of the annotation processor for viewing electronic documents in PDF format, provided by Foxit PDF Reader (formerly Foxit Reader), allows a perpetrator to disclose protected information.

The vulnerability of the annotation processor for viewing electronic documents in PDF format, provided by Foxit PDF Reader formerly Foxit Reader, is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose protected...

The vulnerability of the annotation processor for viewing electronic documents in PDF format, provided by Foxit PDF Reader (formerly Foxit Reader), allows a perpetrator to execute arbitrary code.

The vulnerability of the annotation processor in the PDF viewer software, Foxit PDF Reader formerly Foxit Reader, is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created...