Improper BIOS initialization in certain ThinkPad models enables local privileged users to modify system data and execute arbitrary code with high integrity impact. The vulnerability requires elevated privileges and local access, posing a risk to organizations where administrative users may be compromised or untrusted. No patch is currently available.
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages. [CVSS 7.5 HIGH]
filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point.
Missing checks in certain functions related to RMP initialization can allow a local admin-privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity.
Ethernet 800 Series versions up to 2.2.2.0 contain a vulnerability that allows attackers to cause an information disclosure (CVSS 3.3).
In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. [CVSS 2.9 LOW]
Unauthenticated network-based attackers can cause a denial of service on Juniper EX4000-48T, EX4000-48P, and EX4000-48MP switches by sending high-volume traffic that crashes the FXPC component and forces a device restart. The vulnerability stems from improper resource initialization in the Internal Device Manager and results in complete service outage until automatic recovery completes. Affected versions include Junos OS 24.4 before 24.4R2 and 25.2 before 25.2R1, with no patch currently available.
Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain unauthorized access to a locked Storage Device or create a Denial of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.
Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.