OESA-2025-1002 dpdk security update

The Data Plane Development Kit is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the...

OESA-2024-2599 dpdk security update

The Data Plane Development Kit is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the...

Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library

...

UBUNTU-CVE-2024-11614

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using...

Moderate: Red Hat Security Advisory: edk2:20240524 security update

An update for the edk2:20240524 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

DPDK Vhost Library 缓冲区错误漏洞

The DPDK Vhost Library is a library of user-space implementations of the vhost protocol from the DPDK organization. A buffer error vulnerability exists in the DPDK Vhost Library, which stems from the presence of a buffer overflow vulnerability that could result in a denial of service or arbitrary...

APSB24-98 : Security update available for Adobe PDFL SDK

Adobe has released an update for the Adobe PDF Library Software Development Kit SDK for Windows, Linux and macOS. Adobe PDFL SDK contains a set of functions for developing third-party solutions and workflows built upon the Adobe PDF standard. This update resolves a critical vulnerability that cou...

Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version jdk8u432 icedtea-3.33.0: - CVE-2024-21208: Fixed partial DoS in component Networking bsc1231702,JDK-8328286 - CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data...

Panda Security Dome 安全漏洞

Panda Security Dome is an antivirus product for ransomware and spyware from the Spanish company Panda Security. A security vulnerability exists in Panda Security Dome that stems from a lack of proper permission settings for folders created by the Hydra Sdk Windows service, which could allow a loc...

edk2: Integer overflows in PeCoffLoaderRelocateImage

A flaw was found in the EDK2 package. This flaw allows an attacker to cause memory corruption due to an overflow via an adjacent network. This issue may lead to loss of confidentiality, integrity, and availability...

Moderate: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

Zoom多款产品 安全漏洞

Zoom Rooms and others are products of Zoom Corporation, a U.S.-based company.Zoom Rooms is a software-based conferencing system.Zoom Meeting SDK is a development kit.Zoom Workplace is a desktop application. A security vulnerability exists in a number of Zoom products. The vulnerability stems from...

CVE-2024-21287

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain component: Software Development Kit, Process Extension. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...

ALSA-2024:9088 Moderate: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC CVE-2023-6129 openssl: Excessive time spent...

ALSA-2024:8935 Moderate: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: Possible denial of service in X.509 name checks CVE-2024-6119 For more details about the security issues, including...

RLSA-2024:8117 Moderate: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function CVE-2023-48161 JDK: Array indexing integer overflow 8328544 CVE-2024-21210 JD...

AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services AWS Cloud Development Kit CDK that could have resulted in an account takeover under specific circumstances. "The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access...

SUSE: Security Advisory (SUSE-SU-2024:3717-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: java-17-openjdk security update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications...

JDK: HTTP client improper handling of maxHeaderSize (8328286)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;...