The vulnerability of the SSL/TLS message processor in microprogramming network devices from Cisco Adaptive Security Appliances and Cisco Firepower Threat Defense allows attackers to induce service failures.

The vulnerability of SSL/TLS message processors in microprogramming network interface devices from Cisco Adaptive Security Appliances and Cisco Firepower Threat Defense involves an operation that goes beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to caus...

bent (>=0.0.9 <=0.0.80), tensorflow-recommenders-addons-gpu (>=0.3.0 <=0.4.1) potentially affected by CVE-2021-41198 via tensorflow-gpu (=2.5.1)

tensorflow-gpu PYPI version =2.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - bent =0.0.9, =0.3.0, =0.4.1 Source cves: CVE-2021-41198 Source advisory: OSV:GHSA-2P25-55C9-H58Q...

bent (>=0.0.9 <=0.0.80), tensorflow-recommenders-addons-gpu (>=0.3.0 <=0.4.1) potentially affected by CVE-2021-41222 via tensorflow-gpu (=2.5.1)

tensorflow-gpu PYPI version =2.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - bent =0.0.9, =0.3.0, =0.4.1 Source cves: CVE-2021-41222 Source advisory: OSV:GHSA-CPF4-WX82-GXP6...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +168 more potentially affected by CVE-2021-41222 via tensorflow-gpu (>=1.10.1 <=2.4.2)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 and more Source cves: CVE-2021-41222 Source advisory: OSV:GHSA-CPF4-WX82-GXP6...

kernel: DoS in rb_per_cpu_empty()

A lack of CPU resources in the Linux kernel tracing module functionality was found in the way users use the trace ring buffer in specific way. Only privileged local users with CAPSYSADMIN capability could use this flaw to starve the resources causing denial of service...

kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode

A denial of service in the kernel side of the FUSE functionality can allow a local system to create a denial of service...

Intel® Processor Advisory

Summary: A potential security vulnerability in some Intel® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2021-0146 Description: Hardware allows activation of test or debug logic at...

BIOS Reference Code Advisory

Summary: Potential security vulnerabilities in the BIOS reference code for some Intel® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2021-0157 Description: Insufficient control flow...

AMD Server Vulnerabilities – November 2021

Bulletin ID: AMD-SB-1021 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...

多款Qualcomm产品缓冲区错误漏洞

Qualcomm QCA6574AU and others are products of Qualcomm Incorporated Qualcomm.QCA6574AU is a central processing unit CPU product.APQ8017 is a central processing unit CPU product.SDX55 is a modem.Qualcomm QCA6574AU is a central processing unit CPU product.APQ8017 is a central processing unit CPU...

GitLab 输入验证错误漏洞

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to input validation errors, which can be exploited to cause high CPU usage...

The vulnerability of the incoming email processor in Redmine’s project and task management web application, related to improper authorization, allows a hacker to compromise data integrity.

The vulnerability of the incoming email processor in Redmine’s project and task management web application relates to the bypassing of the addissuenotes permission restrictions. Exploiting this vulnerability could allow a malicious actor to influence the integrity of data...

F5 Networks BIG-IP : Intel processor vulnerabilities (K41043270)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K41043270 advisory. CVE-2021-0086Observable response discrepancy in floating-point operations for some IntelR Processors may allow...

NewStart CGSL CORE 5.05 / MAIN 5.05 : microcode_ctl Multiple Vulnerabilities (NS-SA-2021-0139)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has microcodectl packages installed that are affected by multiple vulnerabilities: - Insufficient access control in protected memory subsystem for IntelR SGX for 6th, 7th, 8th, 9th Generation IntelR CoreTM Processor Families;...

SysFlow - Cloud-native System Telemetry Pipeline

This repository hosts the documentation and issue tracker for all SysFlow projects. Quick reference Documentation : the SysFlow Documentation Where to get help : the SysFlow Community Slack Where to file issues : the github issue tracker Source of this description : repo's readme history Docker...

Researchers Break Intel SGX With New 'SmashEx' CPU Attack Technique

A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability CVE-2021-0186, CVSS score: 8.2 was discovered by a group of academics from...

The vulnerability of AMD’s microprogrammed software for processors lies in the speculative execution of read and write operations that access memory using invalid non- canonical addresses. This allows a hacker to exploit the vulnerability to gain access to information about the CPU’s address space.

The vulnerability of AMD’s microprogramming software is related to speculative operations for reading and writing data to memory, involving the use of non- canonical addresses. Exploiting this vulnerability can allow an attacker to gain access to information about the CPU’s address space, by usin...

kernel: SVM nested virtualization issue in KVM (AVIC support)

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

kernel: SVM nested virtualization issue in KVM (AVIC support)

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

Juniper Networks Junos OS 代码问题漏洞

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS is vulnerable to a code issue that could allow an unauthenticated attacker to cause a denial of...