5429 matches found

CNNVD
added 2025/10/15 12:00 a.m. | 2 views

Red Hat Enterprise Linux 10 Security Vulnerability

Red Hat Enterprise Linux 10 is a suite of Linux operating systems for business users from Red Hat, an American company. A security vulnerability exists in Red Hat Enterprise Linux 10 that stems from not properly validating free space, which could result in user encrypted data being overwritten an...

CVSS 4.4 | AI score 6.4 | EPSS 0.00026
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/15 12:00 a.m. | 2 views

PT-2025-42393

Name of the Vulnerable Software and Affected Versions: luksmeta (affected versions not specified). Description: A data corruption issue exists in the luksmeta utility when operating with the LUKS1 disk encryption format. An attacker possessing appropriate permissions can trigger this flaw by writing a...

CVSS 4.4 | AI score 6.5 | EPSS 0.00026
Exploits: 0 | References: 20
OSV
added 2025/10/14 3:16 p.m. | 4 views

DEBIAN-CVE-2025-0033

Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity...

CVSS 6 | AI score 8.8 | EPSS 0.0002
Exploits: 0 | References: 1
Debian CVE
added 2025/10/14 2:49 p.m. | 5 views

CVE-2025-0033

Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity...

CVSS 6 | AI score 8.8 | EPSS 0.0002
Exploits: 0
The Hacker News
added 2025/10/14 11:45 a.m. | 8 views

RMPocalypse: Single 8-Byte Write Shatters AMD's SEV-SNP Confidential Computing

Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging SEV-SNP. The attack, per ETH Zürich researchers Benedict Schlüter and Shweta...

AI score 6.7 | EPSS 0.0002
Exploits: 0
CVE
added 2025/10/14 9:15 a.m. | 11 views

CVE-2025-40774

CVE-2025-40774 affects SiPass integrated prior to v3.0. The vulnerability stems from passwords stored in the server’s database with decryption keys accessible to administrators, enabling password recovery. Exploitation could allow an attacker with admin access to obtain and use valid user passwor...

CVSS 6.7 | AI score 6.5 | EPSS 0.00019
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/10/14 12:00 a.m. | 3 views

PT-2025-41941

Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.4.0 through 7.4.3 and prior to 7.2.7; FortiProxy versions 7.4.0 through 7.4.3 and prior to 7.2.9; FortiPAM versions prior to 1.2.0; FortiSwitchManager versions 7.2.0 through 7.2.3 and 7.0.0 through 7.0.3. Description: An improper...

CVSS 5.3 | AI score 6.7 | EPSS 0.00079
Exploits: 0 | References: 3
Positive Technologies
added 2025/10/14 12:00 a.m. | 5 views

PT-2025-41886

Name of the Vulnerable Software and Affected Versions: SiPass integrated versions prior to 3.0. Description: The software stores user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, potentially allowing an attacker to recover passwords...

CVSS 6.7 | AI score 6.5 | EPSS 0.00019
Exploits: 0 | References: 4
Microsoft CVE
added 2025/10/13 2:00 p.m. | 10 views

AMD CVE-2025-0033: RMP Corruption During SNP Initialization

Microsoft is aware of AMD-SB-3020 | CVE-2025-0033 disclosed by AMD on October 13, 2025. CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging SEV-SNP. It involves a race condition during Reverse Map Table RMP initialization that could...

CVSS 8.2 | AI score 6.7 | EPSS 0.0002
Exploits: 0
Positive Technologies
added 2025/10/13 12:00 a.m. | 3 views

PT-2025-41795

Name of the Vulnerable Software and Affected Versions: AMD EPYC and EPYC Embedded series processors versions prior to BIOS updates from OEM partners; AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging SEV-SNP (affected versions not specified). Description: A critical issue...

CVSS 6.8 | AI score 9.4 | EPSS 0.0002
Exploits: 0 | References: 33
RedhatCVE
added 2025/10/11 10:31 a.m. | 3 views

CVE-2025-52632

A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...

CVSS 6.5 | AI score 7 | EPSS 0.0002
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/10 8:22 p.m. | 2 views

CVE-2025-35056

Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the...

CVSS 6.9 | AI score 6.7 | EPSS 0.0015
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/10 8:22 p.m. | 2 views

CVE-2017-20203

NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT...

CVSS 9.3 | AI score 7.8 | EPSS 0.00895
Exploits: 0 | References: 1
OSV
added 2025/10/10 10:15 a.m. | 1 views

CVE-2025-52632

A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...

CVSS 7.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 1
NVD
added 2025/10/10 10:15 a.m. | 3 views

CVE-2025-52632

A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...

CVSS 7.5 | EPSS 0.0002
Exploits: 0 | References: 1
CVE
added 2025/10/10 10:06 a.m. | 10 views

CVE-2025-52632

CVE-2025-52632 affects HCL AION 2.0 and is described as a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability. The available connected sources confirm the affected product (HCL AION) and the issue arises in encrypted session cookies lacking the Secure attribute, which can exp...

CVSS 7.5 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2025/10/10 10:06 a.m. | 2 views

EUVD-2025-33702

A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...

CVSS 6.5 | AI score 6.5 | EPSS 0.0002
Exploits: 0 | References: 2
Cvelist
added 2025/10/10 10:06 a.m. | 4 views

CVE-2025-52632 HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability

A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...

CVSS 6.5 | EPSS 0.0002
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/10 10:06 a.m. | 2 views

CVE-2025-52632 HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability

A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...

CVSS 6.5 | AI score 6.6 | EPSS 0.0002
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/10 12:00 a.m. | 2 views

PT-2025-41538

Name of the Vulnerable Software and Affected Versions: HCL AION version 2.0. Description: The software contains a missing secure attribute in encrypted session cookies. This could allow attackers to potentially intercept sensitive information transmitted in the session. Recommendations: At the moment...

CVSS 6.5 | AI score 6.2 | EPSS 0.0002
Exploits: 0 | References: 5