CVE-2025-21690 scsi: storvsc: Ratelimit warning logs to prevent VM denial of service

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooti...

CVE-2024-49837

Memory corruption while reading CPU state data during guest VM suspend...

CVE-2019-14418

An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existi...

CVE-2019-14416

An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality...

CVE-2024-33054

Memory corruption during the handshake between the Primary Virtual Machine and Trusted Virtual Machine...

CVE-2024-2860

The PostgreSQL implementation in Brocade SANnav versions before 2.3.0a is vulnerable to an incorrect local authentication flaw. An attacker accessing the VM where the Brocade SANnav is installed can gain access to sensitive data inside the PostgreSQL database...

CVE-2024-31446

OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device ...

CVE-2024-22419

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The concat built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the buildIR for concat doesn't properly adhere to the API of co...

CVE-2024-49837

Memory corruption while reading CPU state data during guest VM suspend...

CVE-2024-49837

Memory corruption while reading CPU state data during guest VM suspend...

CVE-2024-49837 Improper Validation of Array Index in Automotive OS Platform

Memory corruption while reading CPU state data during guest VM suspend...

CVE-2024-49837 Improper Validation of Array Index in Automotive OS Platform

Memory corruption while reading CPU state data during guest VM suspend...

Security update for qemu

This update for qemu fixes the following issues: Update to version 8.2.5: target/loongarch: fix a wrong print in cpu dump ui/sdl2: Allow host to power down screen target/i386: fix SSE and SSE2 feature check target/i386: fix xsave.flat from kvm-unit-tests disas/riscv: Decode all of the pmpcfg and...

Qualcomm Chipsets 输入验证错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An input validation error vulnerability exists in Qualcomm Chipsets that originates from a memory corruption that occurs when reading CPU state data during a guest virtual machine hang...

Vulnerabilities fixed in Oracle Database products

Oracle has fixed vulnerabilities in several database products and subsystems, including the Core Database, Grail, Application Express, GoldenGate and REST data. The vulnerabilities are in several components of the Oracle Database, including the Data Mining component and the Java VM. These...

Oracle Database Server 安全漏洞

Oracle Database Server is a relational database management system from Oracle Corporation USA. This database management system provides data management, distributed processing, and other functions. A security vulnerability exists in Oracle Database Server. An attacker could exploit the...

January 14, 2025—KB5049984 (OS Build 25398.1369)

January 14, 2025—KB5049984 OS Build 25398.1369 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...

CVE-2024-52937

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory...

CVE-2024-47894

Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory...

CVE-2024-52935

CVE-2024-52935 : A kernel-level issue affecting the Imagination Technologies PowerVR-GPU driver. Kernel software running inside a guest VM can access memory shared with the GPU firmware and write data outside the guest’s virtualised GPU memory, enabling potential cross-VM data leakage or memory c...