Important: java-17-openjdk security and bug fix update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918) OpenJDK: incorrect handling of ZIP files with duplica...
PT-2024-1150 · Oracle · Oracle Database Server
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.21 Oracle Database Server versions 21.3 through 21.12 Description: The issue is related to insufficient input validation in the Java VM component of Oracle Database Server. This can be exploited...
open security update
CentOS Errata and Security Advisory CESA-2023:7279 An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
NVIDIA DGX Security Vulnerability
NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA Corporation. A security vulnerability exists in NVIDIA DGX A100 Servers, which stems from a flaw in the host KVM daemon that could allow an unauthenticated attacker to cause a stack overflow by sending special...
Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer
Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. "These YouTube videos typically feature content related to cracked applications, presenting users with similar...
ALPINE-CVE-2023-34328
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. AMD CPUs since 2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of...
Xen Buffer Error Vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen, whic...
PVS | Error Id: XDDS:A6D8C1E7 - Unable to add Target Device to Catalog
Attempting to add Target Devices will return the following error: "The virtual machine with Mac Address in the selected Device Collection could not be found in any available connection". In View Details the following information is present: Error Id: XDDS:A6D8C1E7 Exception: DesktopStudioErrorId ...
CVE-2024-21629
Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...
CVE-2024-21629
Rust EVM contains a vulnerability in the record_external_operation feature of rust-evm. During finalization of CREATE/CREATE2, if substack execution succeeds, the substate is committed before calling record_external_operation(Write(out_code.len())). If record_external_operation later fails, the e...
CVE-2024-21629 Erroneous handling of `record_external_operation` error return
Rust EVM is an Ethereum Virtual Machine interpreter. In rust-evm, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a CREATE or...
Mozilla: Heap-buffer-overflow affecting WebGL `DrawElementsInstanced` method with Mesa VM driver
The Mozilla Foundation Security Advisory describes this flaw as: The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a denial of service vulnerability in the virtual machine hypervisor...
vmm-sys-util security vulnerability
vmm-sys-util is a collection of modules providing helpers and utilities used by several rust-vmm components. A security vulnerability exists in vmm-sys-util versions prior to 0.5.0 through 0.12.0 that stems from an out-of-bounds memory access vulnerability in the FamStructWrapper component...
PT-2024-12379 · Unknown · Hypervisor
Name of the Vulnerable Software and Affected Versions: Hypervisor affected versions not specified Description: The issue involves a permanent denial of service (DOS) in the Hypervisor when an untrusted virtual machine (VM) without Power State Coordination Interface (PSCI) support makes a PSCI call. Thi...
CVE-2022-41761
An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files...
Denial Of Service (DOS)
QEMU virtual machine monitor is vulnerable to Denial Of Service (DOS). The vulnerability is caused by a DMA reentrancy issue leading to a use-after-free error found in the e1000e NIC emulation code. This can let a privileged guest user crash the QEMU process on the host, resulting in a Deni...
"The given key was not present in the dictionary" error when adding machine to machine catalog
"The given key was not present in the dictionary" error occurs when adding a machine to the machine catalog using the same name with that of a deleted VM. ---------------------------------------------------------------------------------------------- StudioErrorId : ExceptionThrown Reason :...