138 matches found
CVE-2024-35875 x86/coco: Require seeding RNG with RDRAND on CoCo systems
In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted a...
PT-2024-26768
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the Linux kernel's random number generator RNG on CoCo systems. The CoCo threat model means that the VM host cannot be trusted and may actively work against guest...
PT-2024-27204
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37 Description The issue arises in CoCo VMs where an untrusted host can cause set memory encrypted or set memory decrypted to fail, leading to shared memory. Callers must handle these errors to prevent...
PT-2024-27203
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In CoCo VMs, it is possible for the untrusted host to cause set memory encrypted or set memory decrypted to fail, resulting in shared memory. Callers need to handle these errors to avoid...
PT-2024-27201
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In CoCo VMs, an untrusted host can cause set memory encrypted or set memory decrypted to fail, resulting in shared memory. Callers must handle these errors to avoid returning decrypted...
PT-2024-27199
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In CoCo VMs, it is possible for the untrusted host to cause set memory encrypted or set memory decrypted to fail, resulting in shared memory. Callers need to handle these errors to avoid...
Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6680-2)
The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6680-2 advisory. discovered that the NFC Controller Interface NCI implementation in the Linux kernel did not properly handle certain memory allocation failure...
Code injection
In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/memencryptamd.c...
CVE-2024-25744
In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/memencryptamd.c...
kernel: virt/coco/sev-guest: Double-buffer messages
In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy...
coco-blue.net Cross Site Scripting vulnerability OBB-1352875
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
cocominaghana.com XSS vulnerability
Open Bug Bounty ID: OBB-584398 Description| Value ---|--- Affected Website:| cocominaghana.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Microsoft Launches Ethereum-Based 'Coco Framework' to Speed Up Blockchain Network
A growing number of enterprises are showing their interest in blockchains, but the underlying software fails to meet key enterprise requirements like performance, confidentiality, governance, and required processing power. However, Microsoft wants to help solve these issues and make it easier for...
Coco Wedding - WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Coco Wedding published at the 'play' market has multiple vulnerabilities...
Music Idol - Coco Rock Star - WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Music Idol - Coco Rock Star published at the 'play' market has multiple vulnerabilities...
Coco Party - Dancing Queens - WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Coco Party - Dancing Queens published at the 'play' market has multiple vulnerabilities...
Coco Pony - My Dream Pet - Base64 encoded String, WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Coco Pony - My Dream Pet published at the 'play' market has multiple vulnerabilities...
Facebook Game - Coco Girl Detected (deprecated)
Binary data 6385.prm...