Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel(R)
Xeon(R) processors did not properly restrict access to the memory
controller when using Intel(R) SGX. This may allow a local privileged
attacker to further escalate their privileges. (CVE-2024-21820,
CVE-2024-23918)

It was discovered that some 4th and 5th Generation Intel(R) Xeon(R)
Processors did not properly implement finite state machines (FSMs) in
hardware logic. THis may allow a local privileged attacker to cause a
denial of service (system crash). (CVE-2024-21853)

It was discovered that some Intel(R) Processors did not properly restrict
access to the Running Average Power Limit (RAPL) interface. This may allow
a local privileged attacker to obtain sensitive information.
(CVE-2024-23984)

It was discovered that some Intel(R) Processors did not properly implement
finite state machines (FSMs) in hardware logic. This may allow a local
privileged attacker to cause a denial of service (system crash).
(CVE-2024-24968)

Read More

Post Content

Read More

Post Content

Read More

Post Content

Read More

Post Content

Read More

Post Content

Read More

Multiple security vulnerabilities were discovered in python-aiohttp,
a HTTP client/server for asyncio, which could result in denial of
service, directory traversal, CRLF injection or request smuggling.

https://security-tracker.debian.org/tracker/DSA-5828-1

Read More

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– x86 architecture;
– ATM drivers;
– Device frequency scaling framework;
– GPU drivers;
– Hardware monitoring drivers;
– VMware VMCI Driver;
– MTD block device drivers;
– Network drivers;
– Device tree and open firmware driver;
– SCSI subsystem;
– USB Serial drivers;
– BTRFS file system;
– File systems infrastructure;
– F2FS file system;
– JFS file system;
– NILFS2 file system;
– Netfilter;
– Memory management;
– Ethernet bridge;
– IPv6 networking;
– Logical Link layer;
– MAC80211 subsystem;
– NFC subsystem;
– Network traffic control;
(CVE-2021-47055, CVE-2024-26675, CVE-2024-42244, CVE-2024-46743,
CVE-2024-41095, CVE-2024-46756, CVE-2024-46723, CVE-2024-46759,
CVE-2024-35877, CVE-2024-38538, CVE-2024-26668, CVE-2024-44998,
CVE-2024-42309, CVE-2024-46758, CVE-2024-46800, CVE-2022-48733,
CVE-2023-52531, CVE-2023-52599, CVE-2024-46722, CVE-2024-42240,
CVE-2024-44987, CVE-2023-52502, CVE-2023-52578, CVE-2024-41059,
CVE-2024-41071, CVE-2024-44942, CVE-2024-46738, CVE-2022-48943,
CVE-2023-52614, CVE-2024-27397, CVE-2024-38560, CVE-2024-43882,
CVE-2024-42104, CVE-2024-46757, CVE-2024-26636, CVE-2024-26633,
CVE-2024-41089, CVE-2024-42310, CVE-2022-48938)

Read More