
6128 matches found

CNNVD
added 2023/05/09 12:0 a.m. · 4 views

AMD Secure Processor and AMD System Management Unit Input Validation Error Vulnerability

The AMD System Management Unit (SMU) and AMD Secure Processor (ASP) are both products of UltraMicroelectronics AMD, Inc. The AMD System Management Unit is a system management unit. The AMD Secure Processor is a standalone ARM Cortex-A5 chip. A security vulnerabilit...

CVSS 6.8 · AI score 6.6 · EPSS 0.00318
Exploits 0 · References 3
CNNVD
added 2023/05/09 12:0 a.m. · 3 views

AMD Secure Processor and AMD System Management Unit Buffer Error Vulnerability

The AMD System Management Unit (SMU) and AMD Secure Processor (ASP) are both products of UltraMicroelectronics AMD, Inc. The AMD System Management Unit is a system management unit. The AMD Secure Processor is a standalone ARM Cortex-A5 chip. A security vulnerabilit...

CVSS 7.5 · AI score 7.3 · EPSS 0.00494
Exploits 0 · References 3
Amd
added 2023/05/09 12:0 a.m. · 59 views

Client Vulnerabilities – May 2023

Bulletin ID: AMD-SB-4001. Potential Impact: Varies by CVE, see descriptions below. Severity: Varies by CVE, see descriptions below. Summary: Potential vulnerabilities in AMD Secure Processor (ASP), AMD System Management Unit (SMU), and other platform components were discovered, and mitigations are being...

CVSS 9.8 · AI score 8.6 · EPSS 0.00776
Exploits 0
OSV
added 2023/05/05 3:42 p.m. · 46 views

RXSA-2023:1566 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378); ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266); kernel: FUSE filesystem low-privileged user...

CVSS 7.8 · AI score 8 · EPSS 0.0788
Exploits 13 · References 5
Code423n4
added 2023/05/04 12:0 a.m. · 18 views

Strategy owner can steal staker funds.

Lines of code / Vulnerability details / Impact: The functions StrategyManager.depositIntoStrategy and StrategyManager.depositIntoStrategyWithSignature don't check if the msg.sender != strategy. Hence, a strategy owner can deposit into his own strategy and specify the staker to his own EOA account, a...

AI score 6.8
Exploits 0
Pen Test Partners Blog
added 2023/05/03 5:50 a.m. · 29 views

Netflix MH370: The plane that wasn’t hacked

I’m a sucker for a good documentary, but the recent Netflix MH370 piece had me shouting at the screen. The first episode talks about the most widely accepted theory; a pilot-created murder-suicide. However, the second episode goes off the rails, discussing Russian special operations hacking the...

AI score 7
Exploits 0
Github Security Blog
added 2023/04/27 7:37 p.m. · 25 views

Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition

Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply these patches manually...

CVSS 5.4 · AI score 5.7 · EPSS 0.00403
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2023/04/22 12:0 a.m. · 3 views

PT-2023-16072 · Nvidia +1 · Nvidia Gpu Display Driver +1

Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Linux (affected versions not specified). Description: The issue is related to a NULL pointer dereference in the kernel mode layer of the NVIDIA GPU Display Driver for Linux, which may lead to denial of service...

CVSS 5.5 · AI score 4.9 · EPSS 0.00233
Exploits 0 · References 17
OSV
added 2023/04/20 9:18 p.m. · 42 views

GHSA-QRGF-9GPC-VRXW Bypass of CSRF protection in the presence of predictable userInfo

Description: The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the use...

CVSS 5.3 · AI score 5.7 · EPSS 0.00829
Exploits 0 · References 8
CISA
added 2023/04/20 12:0 p.m. · 5 views

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems (ICS) advisory on April 20, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical...

AI score 7
Exploits 0 · References 1
The Hacker News
added 2023/04/20 11:22 a.m. · 4 views

Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks

Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 (CVSS score: 7.2), concerns a...

CVSS 7.2 · AI score 8.4 · EPSS 0.99999
Exploits 12
CNNVD
added 2023/04/20 12:0 a.m. · 3 views

INEA ME RTU Operating System Command Injection Vulnerability

The INEA ME RTU is a remote terminal unit from INEA. It implements the data interface between the remote device and the control center. A security vulnerability exists in INEA ME RTU version 3.36 and earlier, which stems from the presence of an operating system command injection vulnerability. Th...

CVSS 10 · AI score 9.2 · EPSS 0.01726
Exploits 0 · References 3
OSV
added 2023/04/19 4:57 p.m. · 6 views

USN-6032-1 linux-oem-6.0 vulnerabilities

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Gerald Lee discovered that the USB Gadget file system implementation in the...

CVSS 7.8 · AI score 6.8 · EPSS 0.00608
Exploits 3 · References 8
The Hacker News
added 2023/04/19 3:41 p.m. · 27 views

Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine

Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google's Threat Analysis Group (TAG), which is monitoring the...

AI score 6
Exploits 0
OSV
added 2023/04/18 12:15 p.m. · 2 views

CVE-2021-40507

An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated correctly for the subtract instruction, which results in an incorrect value in the overflow flag. Any software that relies on this flag may...

CVSS 9.8 · AI score 5.6 · EPSS 0.00728
Exploits 0 · References 2
NVD
added 2023/04/18 12:15 p.m. · 20 views

CVE-2021-40506

An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated for the msb and mac instructions, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience...

CVSS 9.8 · AI score 9.9 · EPSS 0.00728
Exploits 0 · References 2
NVD
added 2023/04/18 12:15 p.m. · 8 views

CVE-2021-41612

An issue was discovered in the ALU unit of the OpenRISC mor1kx processor. The carry flag is not being updated correctly for the subtract instruction, which results in an incorrect value of the carry flag. Any software that relies on this flag may experience corruption in execution...

CVSS 8.8 · AI score 9 · EPSS 0.01146
Exploits 1 · References 2
NVD
added 2023/04/18 12:15 p.m. · 18 views

CVE-2021-41614

An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The read/write access permissions to the Exception Program Counter Register (EPCR) are not implemented correctly. User programs from an unauthorized privilege level can make read/write accesses to EPCR...

CVSS 7.8 · AI score 7.6 · EPSS 0.00162
Exploits 0 · References 2
NVD
added 2023/04/18 12:15 p.m. · 17 views

CVE-2021-41613

An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register (EEAR) is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR...

CVSS 4.3 · AI score 4.7 · EPSS 0.00407
Exploits 0 · References 2
Prion
added 2023/04/18 12:15 p.m. · 13 views

Design/Logic Flaw

An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 through 2015-11-11. The overflow flag is not being updated for the msb and mac instructions, which results in an incorrect value in the overflow flag. Any software that relies on this flag may experience...

CVSS 7.5 · AI score 9.7 · EPSS 0.00728
Exploits 0 · References 2 · Affected Software 1