
4438 matches found

Cvelist
added 2025/09/11 4:49 p.m., 9 views

CVE-2025-40300 x86/vmscape: Add conditional IBPB mitigation

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...

EPSS 0.00331
Exploits: 0, References: 13
CNNVD
added 2025/09/11 12:00 a.m., 5 views

Xen security vulnerability

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...

CVSS 7.5, AI score 6.5, EPSS 0.00329
Exploits: 0, References: 2
CNNVD
added 2025/09/11 12:00 a.m., 3 views

Xen security vulnerability

Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...

CVSS 9.8, AI score 6.6, EPSS 0.00439
Exploits: 0, References: 2
CNNVD
added 2025/09/11 12:00 a.m., 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from insufficient branch predictor isolation, which could lead to a cross-user-space virtual machine attack...

CVSS 5.5, AI score 6.9, EPSS 0.00331
Exploits: 0, References: 13
AMD
added 2025/09/11 12:00 a.m., 6 views

Branch Predictor Isolation in KVM-QEMU

Summary Researchers claim new KVM-QEMU primitives allow exploitation of Spectre V2 resulting in information leakage in various cloud scenarios. KVM-QEMU is a combination of KVM Kernel-based Virtual Machine, a Linux kernel module that enables hardware-assisted virtualization and Quick Emulator QEM...

CVSS 5.5, AI score 6.4, EPSS 0.00331
Exploits: 0
Tenable Nessus
added 2025/09/10 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-6345

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The function numberformat is vulnerable to a heap overflow issue when its second argument $decpoints is excessively large. The internal implementation of the...

CVSS 9.8, AI score 8.1, EPSS 0.01748
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-1898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to...

CVSS 7.5, AI score 7.5, EPSS 0.01211
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2016-6874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The arrayrecursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion. CVE-2016-6874...

CVSS 9.8, AI score 8.5, EPSS 0.0201
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-1919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect bounds calculations in substrcompare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issu...

CVSS 7.5, AI score 7.3, EPSS 0.01218
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-11925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously...

CVSS 9.8, AI score 8.7, EPSS 0.02084
Exploits: 0, References: 2
OSV
added 2025/09/09 5:15 p.m., 2 views

CVE-2025-49692

Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 5.7, EPSS 0.00321
Exploits: 0, References: 1
Citrix
added 2025/09/09 6:30 a.m., 16 views

XenServer Security Update for CVE-2025-27466, CVE-2025-58142, CVE-2025-58143 and CVE-2025-58146

Severity: High Description of Problem Several issues have been identified in XenServer 8.4 that collectively may allow privileged code in a guest VM to compromise or crash the host. These issues have the following identifiers: CVE-2025-27466 CVE-2025-58142 CVE-2025-58143 CVE-2025-58146 Affected...

CVSS 9.8, AI score 7, EPSS 0.00439
Exploits: 0
Positive Technologies
added 2025/09/09 12:00 a.m., 4 views

PT-2025-36817

Name of the Vulnerable Software and Affected Versions: Azure Windows Virtual Machine Agent affected versions not specified Description: An improper access control issue exists in the Azure Windows Virtual Machine Agent. This allows an authorized attacker to elevate privileges locally...

CVSS 7.8, AI score 6.1, EPSS 0.00321
Exploits: 0, References: 4
Spring Security Advisories
added 2025/09/09 12:00 a.m., 6 views

This Week in Spring - September 9th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I am home, ensconced in my studio here in somewhat sunny San Francisco, California, relaxing and trying to catch up on stuff I missed. As always, there's a ton! So let's dive right into it. Some of the amazing features that...

AI score 6.8
Exploits: 0
Microsoft KB
added 2025/09/09 12:00 a.m., 13 views

KB5066359—Security Update for Windows PowerShell (Hotpatch)

KB5066359—Security Update for Windows PowerShell Hotpatch Windows Secure Boot certificate expiration Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices...

AI score 5.6
Exploits: 0
RedhatCVE
added 2025/09/07 10:21 p.m., 13 views

CVE-2025-58369

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks through TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

CVSS 5.3, AI score 6.3, EPSS 0.00398
Exploits: 0, References: 1
NVD
added 2025/09/06 6:15 p.m., 1 views

CVE-2024-36346

Improper input validation in AMD Power Management Firmware PMFW could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition...

CVSS 6, EPSS 0.00125
Exploits: 0, References: 1
CVE
added 2025/09/06 5:43 p.m., 16 views

CVE-2024-36346

CVE-2024-36346 concerns AMD Power Management Firmware (PMFW). The issue is caused by improper input validation, enabling a privileged attacker from a Guest VM to send arbitrary input data and potentially induce a GPU reset. The CVSSv3.1 metrics (AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H) indicate a l...

CVSS 6, AI score 6.2, EPSS 0.00125
Exploits: 0, References: 1
Cvelist
added 2025/09/06 5:43 p.m., 9 views

CVE-2024-36346

Improper input validation in AMD Power Management Firmware PMFW could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition...

CVSS 6, EPSS 0.00125
Exploits: 0, References: 1
Vulnrichment
added 2025/09/06 5:43 p.m., 6 views

CVE-2024-36346

Improper input validation in AMD Power Management Firmware PMFW could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition...

CVSS 6, AI score 6.2, EPSS 0.00125
Exploits: 0, References: 1