Lucene search
K

138 matches found

OSV
OSV
added 2024/05/19 8:34 a.m.24 views

CVE-2024-35875 x86/coco: Require seeding RNG with RDRAND on CoCo systems

In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted a...

5.5CVSS6.3AI score0.00235EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/05/19 12:0 a.m.9 views

PT-2024-26768

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the Linux kernel's random number generator RNG on CoCo systems. The CoCo threat model means that the VM host cannot be trusted and may actively work against guest...

5.5CVSS5.5AI score0.00235EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.9 views

PT-2024-27204

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37 Description The issue arises in CoCo VMs where an untrusted host can cause set memory encrypted or set memory decrypted to fail, leading to shared memory. Callers must handle these errors to prevent...

8.1CVSS5.5AI score0.00915EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.11 views

PT-2024-27203

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In CoCo VMs, it is possible for the untrusted host to cause set memory encrypted or set memory decrypted to fail, resulting in shared memory. Callers need to handle these errors to avoid...

8.1CVSS5.4AI score0.00915EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/03/11 12:0 a.m.10 views

PT-2024-27201

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In CoCo VMs, an untrusted host can cause set memory encrypted or set memory decrypted to fail, resulting in shared memory. Callers must handle these errors to avoid returning decrypted...

6.2CVSS5.5AI score0.00237EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/03/11 12:0 a.m.10 views

PT-2024-27199

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In CoCo VMs, it is possible for the untrusted host to cause set memory encrypted or set memory decrypted to fail, resulting in shared memory. Callers need to handle these errors to avoid...

5.5CVSS5.8AI score0.00225EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/08 12:0 a.m.148 views

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6680-2)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6680-2 advisory. discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure...

8.8CVSS7.5AI score0.01657EPSS
Exploits3References8
Prion
Prion
added 2024/02/12 5:15 a.m.33 views

Code injection

In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/memencryptamd.c...

7.1AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/12 12:0 a.m.40 views

CVE-2024-25744

In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/memencryptamd.c...

6.7AI score0.00278EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/09/12 11:7 a.m.3 views

kernel: virt/coco/sev-guest: Double-buffer messages

In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy...

5.7AI score0.00108EPSS
Exploits0References5
Openbugbounty
Openbugbounty
added 2020/09/21 2:5 p.m.10 views

coco-blue.net Cross Site Scripting vulnerability OBB-1352875

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/03/21 6:57 p.m.16 views

cocominaghana.com XSS vulnerability

Open Bug Bounty ID: OBB-584398 Description| Value ---|--- Affected Website:| cocominaghana.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2017/08/13 9:31 p.m.16 views

Microsoft Launches Ethereum-Based 'Coco Framework' to Speed Up Blockchain Network

A growing number of enterprises are showing their interest in blockchains, but the underlying software fails to meet key enterprise requirements like performance, confidentiality, governance, and required processing power. However, Microsoft wants to help solve these issues and make it easier for...

6.9AI score
Exploits0
hackapp
hackapp
added 2016/04/01 10:24 a.m.11 views

Coco Wedding - WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Coco Wedding published at the 'play' market has multiple vulnerabilities...

0.8AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 10:3 a.m.19 views

Music Idol - Coco Rock Star - WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Music Idol - Coco Rock Star published at the 'play' market has multiple vulnerabilities...

0.9AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:54 a.m.9 views

Coco Party - Dancing Queens - WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Coco Party - Dancing Queens published at the 'play' market has multiple vulnerabilities...

1AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:54 a.m.14 views

Coco Pony - My Dream Pet - Base64 encoded String, WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Coco Pony - My Dream Pet published at the 'play' market has multiple vulnerabilities...

0.8AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/02/29 12:0 a.m.9 views

Facebook Game - Coco Girl Detected (deprecated)

Binary data 6385.prm...

7.3AI score
Exploits0
Rows per page
Query Builder