6614 matches found
DEBIAN-CVE-2024-46822
In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry. In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map...
Positron Broadcast Signal Processor TRA7005 1.20 5.1.6 CSRF
Title: Positron Broadcast Signal Processor TRA7005 v1.20 5.1.6 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser :...
ABB Cylon Aspect 3.07.01 Hard-Coded Credentials
ABB Cylon Aspect 3.07.01 config.inc.php Hard-coded Credentials in phpMyAdmin Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.01 Summary: ASPECT is an award-winning scalable building energy...
CLSA-2024-1727288321 linux-firmware: Fix of 2 CVEs
Update AMD CPU microcode for processor family 0x19: cpuid:0x00A00F10ver:0x0A00107A, cpuid:0x00A10F12ver:0x0A101248, cpuid:0x00AA0F02ver:0x0AA00215, cpuid:0x00A00F12ver:0x0A001238, cpuid:0x00A10F11ver:0x0A101148, cpuid:0x00A00F11ver:0x0A0011D5; - Update AMD CPU microcode for processor family 0x17:...
ABB Cylon Aspect 3.07.00 Remote Code Execution
ABB Cylon Aspect 3.07.00 networkDiagAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.00 Summary: ASPECT is an award-winning scalable building energy management...
kernel: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit(). After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object 0xffff896282f6c000 size 1024: comm...
kernel: mlxsw: spectrum: Protect driver from buggy firmware
A vulnerability was found in the Linux kernel's mlxsw spectrum driver, where processing port up/down events leads to a NULL pointer dereference. This issue occurs when the driver fails to handle events for the CPU port, which exists but lacks a corresponding network device, resulting in system...
kernel: scsi: qedf: Make qedf_execute_tmf() non-preemptible
A vulnerability was found in the Linux kernel's qedf driver function qedf_execute_tmf(), where the function call smp_processor_id() is done from preemptible code before acquiring a lock, which can result in BUG_ON() when running an RT kernel. This can result in system inconsistencies...
kernel: firmware: cs_dsp: Fix overflow checking of wmfw header
A vulnerability was found in the Linux kernel's firmware driver cs_dsp.c, where a buffer overflow is possible in the wmfw header due to insufficient buffer size checks. The issue stems from the size of one of the structs that the code checks, the wmfw_adsp?_sizes struct, which can vary depending on...
ABB Cylon Aspect 3.07.00 (networkDiagAjax.php) Remote Code Execution
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated OS command...
The vulnerability of AMD64 Microcode, related to the use of cryptographic algorithms containing defects, allows attackers to gain access to confidential data.
The vulnerability of AMD64 Microcode processors relates to the use of cryptographic algorithms that contain defects. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
OESA-2024-2158 microcode_ctl security update
This is a tool to transform and deploy microcode update for x86 CPUs. Security Fixes: Observable discrepancy in RAPL interface for some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access (CVE-2024-23984). Improper finite state machines (FSMs) in...
Code-Projects Blood Bank Management System Security Vulnerability
Code-Projects Blood Bank Management System is an open source blood bank management system from Code-Projects. A security vulnerability exists in Code-Projects Blood Bank Management System version 1.0, which stems from a problem in an unknown part of the password processor component that causes...
CVE-2023-25546
Out-of-bounds read in UEFI firmware for some Intel® Processors may allow a privileged user to potentially enable denial of service via local access...
CVE-2024-21871
CVE-2024-21871 covers an improper input validation flaw in UEFI firmware on some Intel® processors that could allow a privileged local attacker to escalate privileges. The issue arises from input validation in the UEFI stack used by Intel’s firmware. Impact is described as privilege escalation wi...
The vulnerability of the test_bpf function in the powerpc64 kernel of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the test_bpf function in the powerpc64 component of the Linux operating system is related to the limitation on the use of dbrx for processors compatible with ISA version 2.06. Exploiting this vulnerability can allow a hacker to cause a service failure...
UBUNTU-CVE-2024-46691
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Move unregister out of atomic section. Commit 9329933699b3 ("soc: qcom: pmic_glink: Make client-lock non-sleeping") moved the pmic_glink client list under a spinlock, as it is accessed by the rpmsg/glink callback,...
The vulnerability of the MHD_create_post_processor() function, implemented in the HTTP web server library libmicrohttpd, allows a hacker to cause a service failure.
The vulnerability of the MHD_create_post_processor() function lies in the implementation of the HTTP server in the libmicrohttpd library. This issue is related to incorrect handling of the multipart/form-data boundary. Exploiting this vulnerability could allow an attacker to cause service failures...