kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks

A flaw was found in the KVM's Intel nested virtualization feature nVMX. Since L1 and L2 shared branch prediction modes guest-user and guest-kernel, KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...

DEBIAN-CVE-2024-1550

A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects...

UBUNTU-CVE-2024-1550

A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects...

CVE-2024-25710

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue...

CVE-2023-51787

An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak...

Debian dsa-5621 : bind9 - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5621 advisory. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic,...

CVE-2023-5517

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versio...

CVE-2023-5517

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versio...

Design/Logic Flaw

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versio...

CVE-2023-5517

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versio...

CVE-2023-5517

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versio...

ISC BIND 9.12.0 < 9.16.48 / 9.16.8-S1 < 9.16.48-S1 / 9.18.0 < 9.18.24 / 9.18.11-S1 < 9.18.24-S1 / 9.19.0 < 9.19.21 Assertion Failure (cve-2023-5517)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-5517 advisory. - A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is...

CVE-2024-24015

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit...

CVE-2024-24015

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit...

CVE-2024-24015

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit...

Novel-Plus Security Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A security vulnerability exists in Novel-Plus version v4.3.0-RC1 and prior versions. An attacker can exploit the vulnerability by passing in specially crafted offset, limit, and sort parameters to perform a SQL...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : TinyXML vulnerability (USN-6612-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6612-1 advisory. It was discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into...

kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h

A flaw was found in pfnswapentrytopage in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmdt x...

PT-2024-8366 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to insufficient input validation in the riscv component of the Linux kernel. This can lead to a denial of service when the code to patch lies outside the exit...

Fedora 39 : tinyxml (2024-80e6578a01)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-80e6578a01 advisory. Bugfix release. Includes security fixes for CVE-2021-42260 and CVE-2023-34194 and a fix for incorrect text element encoding upstream isssue 51...