Multiple Supermicro BMC IPMI vulnerabilities
Multiple high risk vulnerabilities were found in Supermicro BMC IPMI firmware that could allow XSS or command injection attacks. For details, please see the official Supermicro Advisory.
Vulnerability in OpenIDC/cjose (CVE-2023-37464)
A high risk vulnerability was found in cjose. cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE), on which mod_auth_openidc depends. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag...
Intel Downfall Vulnerability
A potential security vulnerability CVE-2022-40982 in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates and an optional software sequence to mitigate this potential vulnerability. For details see SVG Advisory...
Use-after-free vulnerability in the tcindex in the Linux kernel
A use-after-free vulnerability (CVE-2023-1281 and CVE-2023-1829) in the Linux kernel traffic control index filter (tcindex) allows privilege escalation. A kernel upgrade is recommended. Since an attacker can elevate privileges to root, this vulnerability is considered as...
BMC vulnerabilities
Two vulnerabilities have been found that enable bypassing authentication or injecting malicious code via Redfish remote management interfaces. CVE-2023-34329 - Authentication Bypass via HTTP Header Spoofing; CVE-2023-34330 - Code injection via Dynamic Redfish Extension...
Zenbleed speculative execution vulnerability
A speculative execution vulnerability has been discovered in AMD Zen 2 CPUs. This vulnerability has been dubbed "Zenbleed". A malicious actor could steal sensitive data, such as passwords and encryption keys, resident in the CPU cores. Sensitive data could be extracted...