29 matches found
CVE-2023-31142
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, if a site has modified their general category permissions, they could be set back to the default. This issue is patched in version 3.0.4 of t...
Linux Distros Unpatched Vulnerability : CVE-2024-31142
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return...
SUSE: Security Advisory (SUSE-SU-2024:2535-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description)...
SUSE SLES15 Security Update : xen (SUSE-SU-2024:2535-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2535-1 advisory. - CVE-2023-28746: Register File Data Sampling (XSA-452, bsc#1221332) - CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-45...
SUSE-SU-2024:2535-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-28746: Register File Data Sampling (XSA-452, bsc#1221332) - CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984) - CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (XSA-453, bsc#1221334) - CVE-2024-2201:...
Fedora: Security Advisory for xen (FEDORA-2024-a676697123)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-a46df5ba2f)
The remote host is missing an update for the...
CVE-2024-31142
Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...
CVE-2024-31142
Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...
CVE-2024-31142 x86: Incorrect logic for BTC/SRSO mitigations
Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...
openSUSE: Security Advisory for xen (SUSE-SU-2024:1540-1)
The remote host is missing an update for the...
SUSE SLES12 Security Update : xen (SUSE-SU-2024:1541-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1541-1 advisory. - x86: Native Branch History Injection (XSA-456, CVE-2024-2201); update to xen 4.17.4, remove patches now included upstream; rebase...
SUSE: Security Advisory (SUSE-SU-2024:1541-1)
The remote host is missing an update for the...
Fedora 40 : xen (2024-a46df5ba2f)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a46df5ba2f advisory. x86: Native Branch History Injection (XSA-456, CVE-2024-2201); update to xen 4.18.2, remove patches now included upstream; x86 HVM hypercalls may trigge...
Fedora 39 : xen (2024-4357ec611d)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4357ec611d advisory. x86: Native Branch History Injection (XSA-456, CVE-2024-2201); update to xen 4.17.4, remove patches now included upstream; rebase xen.gcc12.fixes.patch...
Fedora 38 : xen (2024-a676697123)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a676697123 advisory. x86: Native Branch History Injection (XSA-456, CVE-2024-2201); update to xen 4.17.4, remove patches now included upstream; rebase xen.gcc12.fixes.patch...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xen (SUSE-SU-2024:1295-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1295-1 advisory. - This CVE was assigned by Intel. Please see CVE-2024-2201 on CVE.org for more information...
SUSE-SU-2024:1295-1 Security update for xen
This update for xen fixes the following issues: - CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984) - CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302) - CVE-2024-2201: Fixed memory...
XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142
Description of Problem: Two issues have been identified that affect XenServer and Citrix Hypervisor; each issue may allow malicious unprivileged code in a guest VM to infer the contents of memory belonging to its own or other VMs on the same host. These issues have the following identifiers:...
Discourse < 3.0.4 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse"; if(descriptio...