openSUSE Security Advisory (SUSE-SU-2024:3095-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-45401 stripe-cli Path Traversal vulnerability

stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...

SUSE CVE-2024-44948

In the Linux kernel, the following vulnerability has been resolved: x86/mtrr: Check if fixed MTRRs exist before saving them MTRRs have an obsolete fixed variant for fine grained caching control of the 640K-1MB region that uses separate MSRs. This fixed variant has a separate capability bit in the...

AZL-49881 CVE-2024-44969 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails due to a hardware or firmware problem, ther...

UBUNTU-CVE-2024-44968

In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer more reliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a fixed MTRRs existence checking vulnerability in the x86/mtrr component...

sigstore-go 安全漏洞

sigstore-go is a client library for Sigstore from the sigstore open source. A security vulnerability exists in sigstore-go versions prior to 0.6.1, which stems from the processing of maliciously constructed Sigstore Bundles containing massively verifiable data that can lead to excessive CPU...

SUSE: Security Advisory (SUSE-SU-2024:3095-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ucode-intel (SUSE-SU-2024:3095-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3095-1 advisory. - Intel CPU Microcode was updated to the 20240813 release bsc1229129 - CVE-2024-24853: Security...

ROS-20240904-09

A firmware vulnerability in AMD processors based on the Zen2 microarchitecture is related to the memory usage after memory has been freed. Exploitation of the vulnerability could allow an attacker to track register contents while other processes are executing on the same CPU core...

Medium: microcode_ctl

Issue Overview: Insufficient control flow management for some IntelR Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2024-22374 Affected Packages: microcodectl Issue Correction: Run dnf update microcodectl --releasever 2023.5.20240903 ...

SUSE-SU-2024:3095-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20240813 release bsc1229129 - CVE-2024-24853: Security updates for INTEL-SA-01083 - CVE-2024-25939: Security updates for INTEL-SA-01118 - CVE-2024-24980: Security updates for INTEL-SA-01100 -...

CVE-2024-23359 Buffer Over-read in Multi Mode Call Processor

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network...

CVE-2024-23359 Buffer Over-read in Multi Mode Call Processor

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network...

CVE-2024-23358 Buffer Over-read in Multi Mode Call Processor

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem...

CVE-2024-23358 Buffer Over-read in Multi Mode Call Processor

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in Modem...

ROS-20240902-01

A vulnerability in Intel Microcode processor microcode is related to the possibility of unauthorized bug injection. Exploitation of the vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service. Intel Microcode processor...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from an out-of-bounds read issue contained in the Multi Mode Call Processor...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a post-release reuse issue contained in the DSP Services component...

ROS-20240902-02

A vulnerability in the implementation of the INVD processor instruction for virtual machines running on servers with AMD processors is associated with loss or omission of information. AMD processors is associated with information loss or skipping. Exploitation of the vulnerability could allow An...