
4438 matches found

Cvelist
added 2025/08/13 5:5 p.m. | 7 views

CVE-2025-2184 Cortex XDR Broker VM: Secrets Shared Across Multiple Broker VM Images

A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations. The attacker must have...

CVSS 5.3 | EPSS 0.00163
Exploits 0 | References 1
CVE
added 2025/08/13 5:5 p.m. | 10 views

CVE-2025-2184

Summary: CVE-2025-2184 describes a credential management flaw in Palo Alto Networks Cortex XDR® Broker VM. Different Broker VM images reportedly share identical default credentials for internal services, enabling an attacker with network access to access internal services on other Broker VM insta...

CVSS 5.3 | AI score 7 | EPSS 0.00163
Exploits 0 | References 1
Tenable Nessus
added 2025/08/12 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-48949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory,...

CVSS 5.5 | AI score 6.8 | EPSS 0.00252
Exploits 0 | References 2
Snyk
added 2025/08/11 12:0 a.m. | 2 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview: Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the uefi_vars_write function. The UEFI_VARS_REG_PIO_BUFFER_TRANSFER register is not cleared between write callbacks with uefi_vars_write and read callbacks with uefi_vars_rea...

CVSS 3.3 | AI score 6.6 | EPSS 0.00147
Exploits 0 | References 2
Tenable Nessus
added 2025/08/11 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-38256

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: fix folio unpinning syzbot complains about an unmapping failure: 108.070381 T1...

CVSS 5.5 | AI score 6.1 | EPSS 0.00135
Exploits 0 | References 3
Tenable Nessus
added 2025/08/11 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-6856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacke...

CVSS 8.8 | AI score 9.2 | EPSS 0.20472
Exploits 0 | References 2
Tenable Nessus
added 2025/08/11 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-37936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. When generating the...

CVSS 5.5 | AI score 6.2 | EPSS 0.0016
Exploits 0 | References 3
Tenable Nessus
added 2025/08/11 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-49884

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfn_to_pfn_cache locks in dedicated helper Move the gfn_to_pfn_cache lock...

CVSS 4.7 | AI score 5.1 | EPSS 0.00098
Exploits 0 | References 2
Tenable Nessus
added 2025/08/10 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2025-38396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode and fix secretmem LSM bypass Export...

CVSS 7.8 | AI score 6.2 | EPSS 0.00156
Exploits 0 | References 3
Tenable Nessus
added 2025/08/09 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-21839

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: x86: Load DR6 with guest value only before entering .vcpu_run loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core...

CVSS 5.5 | AI score 6.7 | EPSS 0.00205
Exploits 0 | References 4
Tenable Nessus
added 2025/08/09 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-37849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create fails to share the vCPU page with the hypervisor, we propagate the error back to the ioc...

CVSS 7.8 | AI score 6.8 | EPSS 0.00234
Exploits 0 | References 4
Tenable Nessus
added 2025/08/09 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-9594

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process when usi...

CVSS 8.1 | AI score 7.3 | EPSS 0.01641
Exploits 0 | References 2
BDU FSTEC
added 2025/08/08 12:0 a.m. | 4 views

The vulnerability of the software platform for managing execution environments of virtual machines in Apache CloudStack lies in the insecure management of privileges, allowing attackers to escalate their privileges.

The vulnerability of the software platform that manages virtual machine environments in Apache CloudStack relates to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

CVSS 9 | AI score 5.4 | EPSS 0.00488
Exploits 0 | References 4 | Affected Software 1
Tenable Nessus
added 2025/08/08 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-35981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: virtio_net: Do not send RSS key if it is not supported There is a bug when setting the RSS...

CVSS 5.5 | AI score 6.1 | EPSS 0.00225
Exploits 0 | References 3
Tenable Nessus
added 2025/08/08 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-18021

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who ca...

CVSS 7.1 | AI score 7.2 | EPSS 0.0057
Exploits 0 | References 2
OSV
added 2025/08/07 7:44 a.m. | 7 views

CLSA-2025-1754552669 kernel: Fix of 12 CVEs

net: ch9200: fix uninitialised access during mii_nway_restart CVE-2025-38086 - idpf: fix null-ptr-deref in idpf_features_check CVE-2025-38053 - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead CVE-2022-49977 - sched/fair: Fix potential memory corruption in...

CVSS 7.8 | AI score 7 | EPSS 0.00305
Exploits 0 | References 1
Microsoft CVE
added 2025/08/07 7:0 a.m. | 3 views

VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify

...

CVSS 7 | AI score 7 | EPSS 0.00129
Exploits 0
Tenable Nessus
added 2025/08/07 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-44981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask UBSAN reports the followin...

CVSS 5.5 | AI score 6.1 | EPSS 0.00193
Exploits 0 | References 2
RedHat Linux
added 2025/07/30 10:37 a.m. | 5 views

Moderate: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security update

An update for the virt:rhel and virt-devel:rhel module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A...

CVSS 5.9 | AI score 5.8 | EPSS 0.00132
Exploits 0 | References 2
BDU FSTEC
added 2025/07/30 12:0 a.m. | 2 views

The vulnerability of the Broker VM component in the Cortex XDR security platform, related to improper protection of the alternative path, allows a perpetrator to disclose protected information.

The vulnerability of the Broker VM component in the Cortex XDR security platform is related to improper protection of the alternative path. Exploiting this vulnerability can allow an attacker to disclose protected information...

CVSS 6.6 | AI score 7.6 | EPSS 0.01025
Exploits 0 | References 3 | Affected Software 1