6124 matches found

Vulnrichment
added 2024/12/05 12:0 a.m. · 7 views

CVE-2023-48010

STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets...

9.7 AI score · 0.00437 EPSS
Exploits: 0 · References: 2
CVE
added 2024/12/05 12:0 a.m. · 51 views

CVE-2023-48010

CVE-2023-48010 affects STMicroelectronics SPC58 PowerPC automotive MCUs. The vulnerability arises from a missing protection mechanism for an alternate hardware interface, allowing code executing with Supervisor privileges to disable the System Memory Protection Unit and obtain unabridged read/wri...

9.8 CVSS · 7.2 AI score · 0.00437 EPSS
Exploits: 0 · References: 2
Qualys Blog
added 2024/12/04 4:13 p.m. · 37 views

Proactively Managing High-Risk Vulnerabilities with TruRisk Mitigate™

In late 2024, organizations faced over 65 million detections from three critical vulnerabilities—CVE-2013-2900, CVE-2024-38122, and CVE-2024-30078—underscoring the urgent need for proactive vulnerability management. Adding to these challenges, the Qualys Threat Research Unit (TRU) uncovered five...

8.8 CVSS · 9.2 AI score · 0.19924 EPSS
Exploits: 16
Positive Technologies
added 2024/12/04 12:0 a.m. · 4 views

PT-2025-3582

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, related to the scsi: mpi3mr driver. The driver exposes a sysfs interface to enable or disable PHYs in a controller/expander setup...

5.5 CVSS · 5.4 AI score · 0.00176 EPSS
Exploits: 0
BDU FSTEC
added 2024/12/04 12:0 a.m. · 1 views

The vulnerability of the powerpc/pseries/iommu components in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the powerpc/pseries/iommu components in the Linux operating system is related to the dereferencing of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS · 6.3 AI score · 0.00241 EPSS
Exploits: 0 · References: 15 · Affected Software: 6
Github Security Blog
added 2024/12/02 6:34 p.m. · 20 views

PyJWT Issuer field partial matches allowed

Summary: The wrong string if check is run for iss checking, resulting in "acb" being accepted for "abc". Details: This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). diff - if isinstanceissuer, list: + if...

7.5 CVSS · 7 AI score · 0.00751 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2024/12/02 6:34 p.m. · 0 views

GHSA-75C5-XW7C-P5PM PyJWT Issuer field partial matches allowed

Summary: The wrong string if check is run for iss checking, resulting in "acb" being accepted for "abc". Details: This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). diff - if isinstanceissuer, list: + if...

2.2 CVSS · 7.1 AI score · 0.00751 EPSS
Exploits: 1 · References: 5
OSV
added 2024/12/02 5:15 p.m. · 2 views

DEBIAN-CVE-2024-53259

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

6.5 CVSS · 6.4 AI score · 0.00596 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/02 10:18 a.m. · 13 views

CVE-2024-33037 Buffer Over-read in Neural Processing Unit

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn't validate the IPC message received from the firmware...

6.1 CVSS · 6.8 AI score · 0.00098 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/12/02 12:0 a.m. · 4 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a potential memory corruption when passing invalid input to invoke the GPU Headroom API if the input is not validated...

7.8 CVSS · 6.8 AI score · 0.00101 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/12/02 12:0 a.m. · 3 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of some GPU-mapped BOs in the drm/panthor component, resulting in a kernel warning...

5.5 CVSS · 6.5 AI score · 0.00196 EPSS
Exploits: 0 · References: 3
CNNVD
added 2024/12/02 12:0 a.m. · 1 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets, which stems from the NPU firmware being able to send invalid Inter-Process Communication (IPC) messages to the NPU driver without the driver validating the IPC messages...

6.1 CVSS · 6.4 AI score · 0.00098 EPSS
Exploits: 0 · References: 1
Snyk
added 2024/12/01 6:28 a.m. · 1 views

Race Condition

Overview: benchexec is a framework for reliable benchmarking and resource measurement. Affected versions of this package are vulnerable to Race Condition via the asynchronous StartTransientUnit method within cgroupsv2.py. An attacker could manipulate the timing of transient unit creation, leading ...

8.3 CVSS · 6.8 AI score
Exploits: 0 · References: 3
Positive Technologies
added 2024/11/30 12:0 a.m. · 2 views

PT-2024-30628 · Imagination Technologies +1 · Graphics Ddk +1

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue allows software installed and run by a non-privileged user to make improper GPU system calls, enabling unprivileged access to an...

8.1 CVSS · 6.5 AI score · 0.00324 EPSS
Exploits: 0 · References: 6
Redos
added 2024/11/29 12:0 a.m. · 34 views

ROS-20241129-02

A vulnerability in the openvswitch component of the Linux operating system kernel is related to incorrect input validation in the parse_icmpv6 function in net/openvswitch/flow.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the cppccpufr...

7.8 CVSS · 8.4 AI score · 0.01136 EPSS
Exploits: 1
The Hacker News
added 2024/11/22 9:37 a.m. · 3 views

Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks

Meta Platforms, Microsoft, and the U.S. Department of Justice (DoJ) have announced independent actions to tackle cybercrime and disrupt services that enable scams, fraud, and phishing attacks. To that end, Microsoft's Digital Crimes Unit (DCU) said it seized 240 fraudulent websites associated with an...

6.9 AI score
Exploits: 0
The Hacker News
added 2024/11/20 9:16 a.m. · 17 views

Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server since version 21.04 that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified...

7.8 CVSS · 9.8 AI score · 0.19924 EPSS
Exploits: 16
Qualys Blog
added 2024/11/19 4:12 p.m. · 68 views

Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart

The Qualys Threat Research Unit (TRU) has identified five Local Privilege Escalation (LPE) vulnerabilities within the needrestart component, which is installed by default on Ubuntu Server. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user...

7.8 CVSS · 8 AI score · 0.19924 EPSS
Exploits: 16
Snyk
added 2024/11/15 3:46 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the unit parameter in print-customoid.php. PoC: Pass in a unit parameter value, when...

5.4 CVSS · 5.3 AI score · 0.00396 EPSS
Exploits: 1 · References: 2
The Hacker News
added 2024/11/15 12:35 p.m. · 6 views

Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform

Cybersecurity researchers have disclosed two security flaws in Google's Vertex machine learning (ML) platform that, if successfully exploited, could allow malicious actors to escalate privileges and exfiltrate models from the cloud. "By exploiting custom job permissions, we were able to escalate ou...

8.9 AI score
Exploits: 0