Moderate: Red Hat Security Advisory: java-11-openjdk ELS security update

An update for java-11-openjdk with Extended Lifecycle Support is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Red Hat Enterprise Linux 9. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit...

ALSA-2025:0426 Moderate: java-21-openjdk security update for AlmaLinux 8.10, 9.4 and 9.5

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Enhance array handling CVE-2025-21502 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

Moderate: java-21-openjdk security update for AlmaLinux 8.10, 9.4 and 9.5

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Enhance array handling CVE-2025-21502 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider

Impact Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow, https://github.com/aws/aws-cdk/blob/d16482fc8a4a3e1f62751f481b770c09034df7d2/packages/%40aws-cdk/custom-resource-handlers/lib/aws-iam/oidc-handler/external.tsL34...

CVE-2025-23206 IAM OIDC custom resource allows connection to unauthorized OIDC provider in aws-cdk

The AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...

CVE-2025-23206 IAM OIDC custom resource allows connection to unauthorized OIDC provider in aws-cdk

The AWS Cloud Development Kit AWS CDK is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...

CVE-2025-23206

The CVE-2025-23206 issue affects AWS CDK (IAM OIDC custom resource workflow). The tls.connect call sets rejectUnauthorized: false, enabling potential MITM risk when downloading CA thumbprints. A patch is in progress; remediation guidance in the connected docs recommends upgrading to CDK v2.177.0 ...

PT-2025-4846

Name of the Vulnerable Software and Affected Versions AWS Cloud Development Kit AWS CDK versions prior to 2.177.0 Description The issue concerns the AWS Cloud Development Kit's AWS CDK handling of IAM OIDC custom resource provider packages. Specifically, the tls.connect method sets...

AWS Cloud Development Kit 数据伪造问题漏洞

AWS Cloud Development Kit is an open source software development framework open sourced by Amazon Web Services for defining cloud infrastructure in code and configuring it via AWS CloudFormation. A data forgery vulnerability exists in AWS Cloud Development Kit, which stems from the fact that it...

PT-2025-2941 · Unknown · Graphics Ddk

Name of the Vulnerable Software and Affected Versions: Graphics DDK version = 24.2 RTM2 Description: Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory. Recommendations: For versions = 24....

RHSA-2025:0220 Red Hat Security Advisory: dpdk security update

Bulletin has no description...

RHSA-2025:0210 Red Hat Security Advisory: dpdk security update

Bulletin has no description...

RHSA-2025:0209 Red Hat Security Advisory: dpdk security update

Bulletin has no description...

dpdk: Denial Of Service from malicious guest on hypervisors using DPDK Vhost library

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using...

Important: Red Hat Security Advisory: dpdk security update

An update for dpdk is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

RHEL 9 : dpdk (RHSA-2025:0208)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:0208 advisory. The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space...

Security update for dpdk

This update for dpdk fixes the following issues: CVE-2024-11614: Fixed Denial Of Service from malicious guest on hypervisors using DPDK Vhost library bsc1234718 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

OESA-2025-1002 dpdk security update

The Data Plane Development Kit is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the...

OESA-2024-2599 dpdk security update

The Data Plane Development Kit is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the...

CVE-2024-11614

...