Lucene search
K

137 matches found

OSV
OSV
added 2025/01/11 12:39 p.m.13 views

CVE-2024-57793 virt: tdx-guest: Just leak decrypted memory on unrecoverable errors

In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors In CoCo VMs it is possible for the untrusted host to cause setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers...

5.5CVSS6.1AI score0.00189EPSS
Exploits0References5
CVE
CVE
added 2024/11/08 6:40 p.m.42 views

CVE-2024-51997

Trustee (open-source) contains a vulnerability in the Attestation Results Token (ART) where the embedded jwk in the ART payload can be replaced by a MITM attacker, allowing the attacker to sign crafted tokens with their private key. The current code path (v0.8.0) does not detect such replacement,...

8.1CVSS8AI score0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/08 6:40 p.m.8 views

CVE-2024-51997 The Attestation Results Token can be arbitrarily modified without being detected in Trustee

Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART Attestation Results Token token, generated by AS, could be manipulated by MITM attacker, but the verifier CoCo Verification Demander like KBS could still verify it successfully. In th...

8.1CVSS7.1AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/08 6:40 p.m.15 views

CVE-2024-51997 The Attestation Results Token can be arbitrarily modified without being detected in Trustee

Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART Attestation Results Token token, generated by AS, could be manipulated by MITM attacker, but the verifier CoCo Verification Demander like KBS could still verify it successfully. In th...

8.1CVSS0.00339EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/06 12:0 a.m.5 views

The vulnerability of the handle_mmio() function in the Linux operating system allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the handlemmio function in the arch/x86/coco/tdx/tdx.c module of the Linux operating system’s kernel is related to the lack of address validation. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

7.8CVSS7.2AI score0.00247EPSS
Exploits0References18Affected Software6
NVD
NVD
added 2024/10/19 3:15 p.m.9 views

CVE-2024-10141

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...

8.1CVSS0.00802EPSS
Exploits1References5
OSV
OSV
added 2024/10/19 3:15 p.m.5 views

CVE-2024-10141

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...

8.1CVSS6.8AI score
Exploits0References5
Cvelist
Cvelist
added 2024/10/19 3:0 p.m.18 views

CVE-2024-10141 jsbroks COCO Annotator Session predictable state

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...

6.3CVSS0.00802EPSS
Exploits1References5
CVE
CVE
added 2024/10/19 3:0 p.m.48 views

CVE-2024-10141

The CVE-2024-10141 issue affects jsbroks COCO Annotator 0.11.1, specifically the Session Handler component where manipulating the SECRET_KEY causes a predictable state from observable state. It can be initiated remotely, with attack complexity described as high and exploitability as difficult. Mu...

8.1CVSS4.7AI score0.00802EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/19 3:0 p.m.13 views

CVE-2024-10141 jsbroks COCO Annotator Session predictable state

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...

6.3CVSS4.3AI score0.00802EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/10/19 12:0 a.m.3 views

COCO Annotator 安全漏洞

COCO Annotator is a web-based image annotation tool from the individual developer Justin Brooks. Designed for versatility and efficiency in labeling images. A security vulnerability exists in COCO Annotator version 0.11.1, which stems from the parameter SECRETKEY of the component Session Handler...

8.1CVSS4.8AI score0.00802EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/10/19 12:0 a.m.4 views

PT-2024-16060 · Unknown · Jsbroks Coco Annotator

Name of the Vulnerable Software and Affected Versions: jsbroks COCO Annotator version 0.11.1 Description: A problematic vulnerability was found in the Session Handler component of jsbroks COCO Annotator. The manipulation of the SECRET KEY argument leads to a predictable state from an observable...

8.1CVSS7AI score0.00802EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.57 views

SUSE SLES15: kernel-coco / kernel-coco-devel / kernel-coco_debug / etc (SUSE-SU-2024:3553-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3553-1 advisory. The SUSE Linux Enterprise 15 SP6 CoCo kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...

7.8CVSS6.7AI score0.00983EPSS
Exploits3References474
Tenable Nessus
Tenable Nessus
added 2024/09/12 12:0 a.m.56 views

Oracle Linux 9 : kernel (ELSA-2024-6567)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6567 advisory. - usb-storage: alauda: Check whether the media is initialized CKI Backport Bot RHEL-43716 CVE-2024-38619 - mm: avoid overflows in dirty throttling logi...

9.1CVSS7.1AI score0.00923EPSS
Exploits0References27
RedHat Linux
RedHat Linux
added 2024/09/04 12:15 a.m.5 views

kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems

CVE-2024-35875 addresses a security concern in the Linux kernel's handling of confidential computing CoCo environments. In these setups, the virtual machine VM host is untrusted and may attempt to compromise guest VMs. A critical component for maintaining security in such environments is a reliab...

5.5CVSS7AI score0.00235EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/09/04 12:15 a.m.39 views

Moderate: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.8CVSS7AI score0.00317EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2024/06/03 4:33 p.m.31 views

CVE-2024-36909

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resultin...

4.4CVSS7.4AI score0.00225EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/06/03 1:11 p.m.22 views

CVE-2024-36912

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbusgpadl In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is share...

4.4CVSS7AI score0.00915EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/06/03 1:11 p.m.26 views

CVE-2024-36911

In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers need to...

4.4CVSS6.7AI score0.00225EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/06/03 1:11 p.m.36 views

CVE-2024-36910

In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause setmemoryencrypted or setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers need...

4.4CVSS6.7AI score0.00237EPSS
Exploits0References4
Rows per page
Query Builder