CVE-2024-57793 virt: tdx-guest: Just leak decrypted memory on unrecoverable errors

In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors In CoCo VMs it is possible for the untrusted host to cause setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers...

CVE-2024-57793

CVE-2024-57793 affects the Linux kernel in the virt: tdx-guest path, where an unrecoverable error in set_memory_decrypted() can cause decrypted memory to be leaked to the page allocator. The untrusted host in CoCo VMs can trigger set_memory_decrypted() to fail, and callers must handle such errors...

CVE-2024-57793

In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors In CoCo VMs it is possible for the untrusted host to cause setmemorydecrypted to fail such that an error is returned and the resulting memory is shared. Callers...

CVE-2024-42172 HCL MyXalytics is affected by broken authentication

HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application wi...

PT-2025-3135 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the XFS filesystem. The issue occurs when a link call tries to set up a transaction to link a child into a directory,...

SUSE CVE-2024-56657

In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN for symlink errors Using WARN for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each...

ROS-20250110-12

Apache Tomcat application server vulnerability is related to synchronization errors when using a shared resource "Race Situation". "Race Situation". Exploitation of the vulnerability could allow a remote attacker, execute arbitrary code by downloading specially crafted JSP files Apache Tomcat...

ROS-20250110-01

A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is associated with authorization errors due to a buffer overrun. authorization errors as a result of an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow...

ROS-20250110-02

A vulnerability in the Exiv2 media metadata management library is related to a flaw in the use of the assert function. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted image file Vulnerability in the Jp2Image::readMetadata...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7186-2)

"The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7186-2 advisory. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type- confusion error. A physically proximate...

The vulnerability of the JavaScript script handler in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge relates to type mixing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page from a remote location...

CVE-2021-20455

IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

Out-of-bounds Read

libpoppler.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper handling of bitmap combinations within the JBIG2Bitmap::combine function in JBIG2Stream.cc, leading to potential memory access errors...

PT-2025-4337

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description The issue concerns the Linux kernel, specifically the hwmon driver, which can produce garbage data when SCSI errors occur. The scsi execute cmd function can return both negative and positive...

USN-7186-1: Linux kernel (Intel IoTG) vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-12351 Andy Nguyen discovered that the...

USN-7179-2: Linux kernel vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-12351 Andy Nguyen discovered that the...

The vulnerability of the PlaybackParams class in the Mozilla Firefox browser and Thunderbird email client allows a perpetrator to access confidential data.

The vulnerability of the PlaybackParams class in Mozilla Firefox and Thunderbird’s email client is related to synchronization errors when using a common resource “Race Situation”. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

PT-2025-1092 · Ibm · Ibm Engineering Lifecycle Optimization - Publishing

Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 through 7.0.3 Description: The issue is related to the implementation of TLS and SSL protocols in the software, which is associated with inadequate access control. Exploitatio...

The vulnerability of the Adobe Experience Manager content and media data management system is related to errors in processing input data, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...

Fedora: Security Advisory (FEDORA-2024-0fa283c43a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...