2023-08-08
|
CVE-2023-20569
|
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
|
Epyc_72f3_firmware, Epyc_7313_firmware, Epyc_7313p_firmware, Epyc_7343_firmware, Epyc_7373x_firmware, Epyc_73f3_firmware, Epyc_7413_firmware, Epyc_7443_firmware, Epyc_7443p_firmware, Epyc_7453_firmware, Epyc_7473x_firmware, Epyc_74f3_firmware, Epyc_7513_firmware, Epyc_7543_firmware, Epyc_7543p_firmware, Epyc_7573x_firmware, Epyc_75f3_firmware, Epyc_7643_firmware, Epyc_7663_firmware, Epyc_7713_firmware, Epyc_7713p_firmware, Epyc_7763_firmware, Epyc_7773x_firmware, Epyc_9124_firmware, Epyc_9174f_firmware, Epyc_9184x_firmware, Epyc_9224_firmware, Epyc_9254_firmware, Epyc_9274f_firmware, Epyc_9334_firmware, Epyc_9354_firmware, Epyc_9354p_firmware, Epyc_9374f_firmware, Epyc_9384x_firmware, Epyc_9454_firmware, Epyc_9454p_firmware, Epyc_9474f_firmware, Epyc_9534_firmware, Epyc_9554_firmware, Epyc_9554p_firmware, Epyc_9634_firmware, Epyc_9654_firmware, Epyc_9654p_firmware, Epyc_9684x_firmware, Epyc_9734_firmware, Epyc_9754_firmware, Epyc_9754s_firmware, Ryzen_3_5100_firmware, Ryzen_3_5125c_firmware, Ryzen_3_5300g_firmware, Ryzen_3_5300ge_firmware, Ryzen_3_5300u_firmware, Ryzen_3_5400u_firmware, Ryzen_3_5425u_firmware, Ryzen_3_7335u_firmware, Ryzen_3_7440u_firmware, Ryzen_3_pro_7330u_firmware, Ryzen_5_5500_firmware, Ryzen_5_5500u_firmware, Ryzen_5_5560u_firmware, Ryzen_5_5600_firmware, Ryzen_5_5600g_firmware, Ryzen_5_5600ge_firmware, Ryzen_5_5600h_firmware, Ryzen_5_5600hs_firmware, Ryzen_5_5600u_firmware, Ryzen_5_5600x3d_firmware, Ryzen_5_5600x_firmware, Ryzen_5_5625u_firmware, Ryzen_5_6600h_firmware, Ryzen_5_6600hs_firmware, Ryzen_5_6600u_firmware, Ryzen_5_7500f_firmware, Ryzen_5_7535hs_firmware, Ryzen_5_7535u_firmware, Ryzen_5_7540u_firmware, Ryzen_5_7600_firmware, Ryzen_5_7600x_firmware, Ryzen_5_7640h_firmware, Ryzen_5_7640u_firmware, Ryzen_5_7645hx_firmware, Ryzen_5_pro_5645_firmware, Ryzen_5_pro_7530u_firmware, Ryzen_5_pro_7640hs_firmware, Ryzen_5_pro_7645_firmware, Ryzen_7_5700_firmware, Ryzen_7_5700g_firmware, Ryzen_7_5700ge_firmware, Ryzen_7_5700u_firmware, 
Ryzen_7_5700x_firmware, Ryzen_7_5800_firmware, Ryzen_7_5800h_firmware, Ryzen_7_5800hs_firmware, Ryzen_7_5800u_firmware, Ryzen_7_5800x3d_firmware, Ryzen_7_5800x_firmware, Ryzen_7_5825u_firmware, Ryzen_7_6800h_firmware, Ryzen_7_6800hs_firmware, Ryzen_7_6800u_firmware, Ryzen_7_7700_firmware, Ryzen_7_7700x_firmware, Ryzen_7_7735hs_firmware, Ryzen_7_7735u_firmware, Ryzen_7_7736u_firmware, Ryzen_7_7745hx_firmware, Ryzen_7_7800x3d_firmware, Ryzen_7_7840h_firmware, Ryzen_7_7840u_firmware, Ryzen_7_pro_5845_firmware, Ryzen_7_pro_7730u_firmware, Ryzen_7_pro_7745_firmware, Ryzen_7_pro_7840hs_firmware, Ryzen_9_5900_firmware, Ryzen_9_5900hs_firmware, Ryzen_9_5900hx_firmware, Ryzen_9_5900x_firmware, Ryzen_9_5950x_firmware, Ryzen_9_5980hs_firmware, Ryzen_9_5980hx_firmware, Ryzen_9_6900hs_firmware, Ryzen_9_6900hx_firmware, Ryzen_9_6980hs_firmware, Ryzen_9_6980hx_firmware, Ryzen_9_7845hx_firmware, Ryzen_9_7900_firmware, Ryzen_9_7900x3d_firmware, Ryzen_9_7900x_firmware, Ryzen_9_7940h_firmware, Ryzen_9_7945hx3d_firmware, Ryzen_9_7945hx_firmware, Ryzen_9_7950x3d_firmware, Ryzen_9_7950x_firmware, Ryzen_9_pro_5945_firmware, Ryzen_9_pro_7640hs_firmware, Ryzen_9_pro_7945_firmware, Ryzen_threadripper_pro_5945wx_firmware, Ryzen_threadripper_pro_5955wx_firmware, Ryzen_threadripper_pro_5965wx_firmware, Ryzen_threadripper_pro_5975wx_firmware, Ryzen_threadripper_pro_5995wx_firmware, Debian_linux, Fedora, Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_21h2, Windows_11_22h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022
|
4.7
|
|
|
2021-11-03
|
CVE-2021-37147
|
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
|
Traffic_server, Debian_linux
|
7.5
|
|
|
2022-10-19
|
CVE-2022-39253
|
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks...
|
Xcode, Debian_linux, Fedora, Git
|
5.5
|
|
|
2023-05-25
|
CVE-2023-31130
|
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed...
|
C-Ares, Debian_linux, Fedora
|
6.4
|
|
|
2023-05-25
|
CVE-2023-32067
|
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns it to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
|
C-Ares, Debian_linux, Fedora
|
7.5
|
|
|
2023-07-24
|
CVE-2023-20593
|
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
|
Athlon_gold_7220u_firmware, Epyc_7232p_firmware, Epyc_7252_firmware, Epyc_7262_firmware, Epyc_7272_firmware, Epyc_7282_firmware, Epyc_7302_firmware, Epyc_7302p_firmware, Epyc_7352_firmware, Epyc_7402_firmware, Epyc_7402p_firmware, Epyc_7452_firmware, Epyc_7502_firmware, Epyc_7502p_firmware, Epyc_7532_firmware, Epyc_7542_firmware, Epyc_7552_firmware, Epyc_7642_firmware, Epyc_7662_firmware, Epyc_7702_firmware, Epyc_7702p_firmware, Epyc_7742_firmware, Epyc_7f32_firmware, Epyc_7f52_firmware, Epyc_7f72_firmware, Epyc_7h12_firmware, Ryzen_3_3100_firmware, Ryzen_3_3300x_firmware, Ryzen_3_4300g_firmware, Ryzen_3_4300ge_firmware, Ryzen_3_5300u_firmware, Ryzen_3_7320u_firmware, Ryzen_3_pro_4200g_firmware, Ryzen_3_pro_4350g_firmware, Ryzen_3_pro_4350ge_firmware, Ryzen_3_pro_4450u_firmware, Ryzen_5_3500_firmware, Ryzen_5_3500x_firmware, Ryzen_5_3600_firmware, Ryzen_5_3600x_firmware, Ryzen_5_3600xt_firmware, Ryzen_5_4600g_firmware, Ryzen_5_4600ge_firmware, Ryzen_5_5500u_firmware, Ryzen_5_7520u_firmware, Ryzen_5_pro_4400g_firmware, Ryzen_5_pro_4650g_firmware, Ryzen_5_pro_4650ge_firmware, Ryzen_7_3700x_firmware, Ryzen_7_3800x_firmware, Ryzen_7_3800xt_firmware, Ryzen_7_4700g_firmware, Ryzen_7_4700ge_firmware, Ryzen_7_5700u_firmware, Ryzen_7_pro_4750g_firmware, Ryzen_7_pro_4750ge_firmware, Ryzen_7_pro_4750u_firmware, Ryzen_9_3900_firmware, Ryzen_9_3900x_firmware, Ryzen_9_3900xt_firmware, Ryzen_9_3950x_firmware, Ryzen_9_pro_3900_firmware, Ryzen_threadripper_3960x_firmware, Ryzen_threadripper_3970x_firmware, Ryzen_threadripper_3990x_firmware, Ryzen_threadripper_pro_3945wx_firmware, Ryzen_threadripper_pro_3955wx_firmware, Ryzen_threadripper_pro_3975wx_firmware, Ryzen_threadripper_pro_3995wx_firmware, Debian_linux, Xen
|
5.5
|
|
|
2023-08-08
|
CVE-2023-20588
|
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
|
Athlon_gold_3150g_firmware, Athlon_gold_3150ge_firmware, Athlon_gold_pro_3150g_firmware, Athlon_gold_pro_3150ge_firmware, Athlon_pro_300ge_firmware, Athlon_silver_3050ge_firmware, Athlon_silver_pro_3125ge_firmware, Epyc_7251_firmware, Epyc_7261_firmware, Epyc_7281_firmware, Epyc_7301_firmware, Epyc_7351_firmware, Epyc_7351p_firmware, Epyc_7371_firmware, Epyc_7401_firmware, Epyc_7401p_firmware, Epyc_7451_firmware, Epyc_7501_firmware, Epyc_7551_firmware, Epyc_7551p_firmware, Epyc_7571_firmware, Epyc_7601_firmware, Ryzen_3_3200g_firmware, Ryzen_3_3200ge_firmware, Ryzen_3_pro_3200g_firmware, Ryzen_3_pro_3200ge_firmware, Ryzen_5_3400g_firmware, Ryzen_5_pro_3350g_firmware, Ryzen_5_pro_3350ge_firmware, Ryzen_5_pro_3400g_firmware, Ryzen_5_pro_3400ge_firmware, Debian_linux, Fedora, Windows_10_1507, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_21h2, Windows_11_22h2, Windows_11_23h2, Windows_server_2008, Windows_server_2012, Windows_server_2016, Windows_server_2019, Windows_server_2022_23h2, Xen
|
5.5
|
|
|
2023-09-25
|
CVE-2023-3550
|
MediaWiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.
|
Debian_linux, Mediawiki
|
7.3
|
|
|
2023-12-21
|
CVE-2023-7024
|
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
Debian_linux, Fedora, Chrome
|
8.8
|
|
|
2019-11-04
|
CVE-2019-18683
|
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(),...
|
Fabric_operating_system, Ubuntu_linux, Debian_linux, Linux_kernel, 8300_firmware, 8700_firmware, A400_firmware, A700s_firmware, Active_iq_unified_manager, Cloud_backup, Data_availability_services, E-Series_santricity_os_controller, Element_software, H610s_firmware, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Leap
|
7.0
|
|
|