Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon M340, M580 and M580 CPU (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Control Expert, EcoStruxure Process Expert, Modicon M340 CPU, Modicon M580 CPU, Modicon Momentum Unity M1E Processor, Modicon MC80 Vulnerability: Authentication Bypass by...
PT-2023-1409 · Amd · Amd Processor Security
Name of the Vulnerable Software and Affected Versions: AMD processor security software (affected versions not specified) Description: The issue is related to insufficient input validation during the parsing of the System Management Mode (SMM) binary, which may allow a maliciously crafted SMM executab...
PT-2023-12087 · Amd · Amd Secure Processor
Name of the Vulnerable Software and Affected Versions: AMD Secure Processor affected versions not specified Description: The issue is related to the failure to validate the integer operand in the ASP bootloader, which may allow an attacker to introduce an integer overflow in the L2 directory tabl...
PT-2023-1483 · Amd · Amd Secure Processor
Name of the Vulnerable Software and Affected Versions: AMD Secure Processor (ASP) (affected versions not specified) Description: The issue is related to a Time-of-Check-to-Time-of-Use (TOCTOU) vulnerability in the ASP, which may allow a physical attacker to write beyond buffer bounds. This could...
PT-2023-1482 · Amd · Amd System Management Unit +1
Name of the Vulnerable Software and Affected Versions: AMD Secure Processor (ASP) and System Management Unit (SMU) (affected versions not specified) Description: The issue is related to the software interfaces of ASP and SMU, which may not properly enforce the SNP memory security policy. This could lea...
AMD Client Vulnerabilities – January 2023
Bulletin ID: AMD-SB-1031 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary: In collaboration with various third parties, AMD platforms were audited for potential security exposures. Potential vulnerabilities in AMD Secure Processor (ASP),...
AMD Server Vulnerabilities – January 2023
Bulletin ID: AMD-SB-1032 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary: During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor (ASP), AMD System Management Un...
PT-2023-1402 · Amd · Amd Bios +1
Name of the Vulnerable Software and Affected Versions: AMD BIOS affected versions not specified Description: The issue is related to insufficient validation in ASP BIOS and DRTM commands, which may allow malicious supervisor x86 software to disclose the contents of sensitive memory, resulting in...
PT-2023-1407 · Amd · Amd Bios
Name of the Vulnerable Software and Affected Versions: AMD BIOS software affected versions not specified Description: The issue is related to a buffer overflow in the memory of AMD processor security microcode, potentially allowing a remote attacker to disclose protected information. It involves...
K000130500: AMD processors vulnerability CVE-2022-23825
Security Advisory Description Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. CVE-2022-23825 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...
MediaTek Security Vulnerability
MediaTek chips are a range of chips from the Chinese company MediaTek. A security vulnerability exists in MediaTek chips that originates from a possible out-of-bounds write in isp due to a race condition, which may result in local privilege escalation and affect the following products...
Cisco IOS XE Software Rate Limiting Network Address Translation DoS (cisco-sa-ratenat-pYVLA7wM)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco...
Cisco IOS XE Software Rate Limiting Network Address Translation DoS (cisco-sa-ratenat-pYVLA7wM) Unpatched Commands
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco...
The software for programming Mitsubishi Electric GX Works3 is vulnerable, allowing an intruder to gain access to the CPU module and the OPC UA server module.
The vulnerability of the software for programming Mitsubishi Electric GX Works3 lies in the storage of information in an open manner. Exploiting this vulnerability can allow a malicious actor to gain access to the CPU module and the OPC UA server module...
Go-Yaml Resource Management Error Vulnerability
Go-Yaml is a YAML support library for the Go language. It enables Go programs to easily encode and decode YAML values. A security vulnerability exists in Go-Yaml, which stems from the fact that parsing malicious or large YAML documents may consume too much CPU or memory...
The vulnerability of the software component responsible for processing resource bundles in VMware vCenter Server allows an attacker to cause a service failure.
The vulnerability of the resource bundle processor in the software that manages virtual infrastructure such as VMware vCenter Server relates to the execution of a cycle without sufficient restrictions on its frequency of execution. Exploiting this vulnerability could allow an attacker, operating...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Radio Stream Disclosure
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x Unauthenticated Radio Stream Disclosure Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco...
Loofah gem for Ruby Security Vulnerability
The Loofah gem for Ruby is a Ruby-based library for processing and transforming HTML/XML documents. A security vulnerability exists in Loofah gem for Ruby prior to version 2.19.1, which stems from the inclusion of an inefficient regular expression that is susceptible to excessive backtracking whe...
hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions
A flaw was found in hw. Non-transparent sharing of branch predictor targets between contexts in some Intel(R) processors may potentially allow an authorized user to enable information disclosure via local access...
hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions
A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions...