
468 matches found

RedhatCVE
added 2024/05/20 4:22 p.m., 22 views

CVE-2024-35939

In the Linux kernel, the following vulnerability has been resolved: dma-direct: Leak pages on dma_set_decrypted() failure. On TDX it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers...

CVSS 5.5 | AI score 6.5 | EPSS 0.00217
Exploits 0 | References 4

NVD
added 2024/05/19 11:15 a.m., 16 views

CVE-2024-35939

In the Linux kernel, the following vulnerability has been resolved: dma-direct: Leak pages on dma_set_decrypted() failure. On TDX it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers...

CVSS 7.1 | AI score 6.5 | EPSS 0.00217
Exploits 0 | References 4

CVE
added 2024/05/19 10:10 a.m., 172 views

CVE-2024-35939

CVE-2024-35939 affects the Linux kernel: dma-direct: Leak pages on dma_set_decrypted() failure. On TDX, set_memory_encrypted()/set_memory_decrypted() failures can cause memory to be shared; DMA could leak decrypted/shared pages instead of freeing them, potentially leading to functional or securit...

CVSS 7.1 | AI score 6.7 | EPSS 0.00217
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2024/05/03 12:0 a.m., 3 views

PDF-XChange Editor Security Vulnerability

PDF-XChange Editor is a PDF file viewing software from PDF-XChange, Inc. that runs on Microsoft Windows systems. A security vulnerability exists in PDF-XChange Editor, which originates from Net.HTTP.requests exposing a dangerous functional information disclosure vulnerability...

CVSS 5.5 | AI score 5.2 | EPSS 0.00357
Exploits 0 | References 2

IBM Security Bulletins
added 2024/04/09 10:8 a.m., 42 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester/ IBM DevOps Test UI

Summary: There is a vulnerability in Eclipse Jetty used by Rational Functional Tester (RFT) / DevOps Test UI (Test UI). RFT/Test UI has addressed the applicable CVE-2024-22201. Vulnerability Details: CVEID: CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw whe...

CVSS 7.5 | AI score 7.3 | EPSS 0.01433
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2024/03/15 6:48 p.m., 45 views

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI

Summary: There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security componen...

CVSS 7.4 | AI score 6.7 | EPSS 0.01026
Exploits 0 | Affected Software 1

Fedora
added 2024/03/07 10:33 p.m., 23 views

[SECURITY] Fedora 40 Update: testng-7.8.0-5.fc40

TestNG is a testing framework inspired from JUnit and NUnit but introducing some new functionality, including flexible test configuration, and distributed test running. It is designed to cover unit tests as well as functional, end-to-end, integration, etc...

CVSS 8.8 | AI score 6.8 | EPSS 0.02557
Exploits 3

Fedora
added 2024/03/07 10:33 p.m., 17 views

[SECURITY] Fedora 40 Update: scala-2.13.12-7.fc40

Scala is a general purpose programming language designed to express common programming patterns in a concise, elegant, and type-safe way. It smoothly integrates features of object-oriented and functional languages. It is also fully interoperable with Java. This package contains the Scala compiler...

CVSS 8.8 | AI score 6.8 | EPSS 0.02557
Exploits 3

OSV
added 2024/03/06 11:4 a.m., 25 views

BIT-JENKINS-2020-2251

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...

CVSS 4.3 | AI score 4.5 | EPSS 0.00514
Exploits 0 | References 3

OSV
added 2024/03/06 11:0 a.m., 17 views

BIT-MOODLE-2023-28332 Moodle: algebra filter xss when filter is misconfigured

If the algebra filter was enabled but not functional (e.g. the necessary binaries were missing from the server), it presented an XSS risk...

CVSS 6.1 | AI score 6.1 | EPSS 0.00634
Exploits 0 | References 4

CNVD
added 2024/03/01 12:0 a.m., 8 views

Huawei HarmonyOS and EMUI WMS Module Business Logic Error Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A business logic error vulnerability exists in Huawei...

CVSS 9.8 | AI score 6.6 | EPSS 0.00458
Exploits 0 | References 1

CNNVD
added 2024/02/18 12:0 a.m., 2 views

Huawei EMUI Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A business logic error vulnerability exists in Huawei...

CVSS 9.8 | AI score 6.7 | EPSS 0.00458
Exploits 0 | References 3

BDU FSTEC
added 2024/01/17 12:0 a.m., 4 views

The vulnerability of libraries for generating Bitcoin addresses and private keys in PyCryptodome and PyCryptodomeX lies in the exposure to information disclosure due to inconsistencies. This vulnerability allows attackers to gain unauthorized access to protected information.

The vulnerability of libraries for generating Bitcoin addresses and private keys in PyCryptodome and PyCryptodomeX involves information disclosure due to mismatches in their functionality. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to protected...

CVSS 5.9 | AI score 6.2 | EPSS 0.00618
Exploits 0 | References 4 | Affected Software 2

IBM Security Bulletins
added 2024/01/03 7:14 a.m., 27 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An...

CVSS 5.9 | AI score 6.1 | EPSS 0.01412
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2024/01/02 6:15 p.m., 67 views

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester

Summary: There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT). RFT has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-22067 DESCRIPTION: An unspecified vulnerability in Java SE related to the CORBA component could allow a remo...

CVSS 5.3 | AI score 5.8 | EPSS 0.01412
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2023/12/21 5:17 p.m., 64 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow a...

CVSS 7.5 | AI score 8.2 | EPSS 0.99999
Exploits 20 | Affected Software 1

IBM Security Bulletins
added 2023/12/18 12:4 p.m., 60 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...

CVSS 5.3 | AI score 6.1 | EPSS 0.01069
Exploits 2 | Affected Software 1

Pen Test Partners Blog
added 2023/11/23 6:5 a.m., 10 views

Cap Dev. Better red teaming with continuous Capability Development

TL;DR What Capability Development Cap Dev is in this context The big Cap Dev benefits for red teaming Operations and Development, sharing and improving Improvements to TTPs, hardware, and developing strategies Benefits of using a DevSecOps model for offensive security The essence of Cap Dev Cap D...

AI score 7.7
Exploits 0

Schneier on Security
added 2023/11/08 12:8 p.m., 20 views

Decoupling for Security

This is an excerpt from a longer paper. You can read the whole thing complete with sidebars and illustrations here. Our message is simple: it is possible to get the best of both worlds. We can and should get the benefits of the cloud while taking security back into our own hands. Here we outline ...

AI score 7
Exploits 0

CNNVD
added 2023/11/02 12:0 a.m., 2 views

Huawei HarmonyOS Resource Management Error Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A resource management error vulnerability exists in Huawei HarmonyOS. An attacker could exploit this vulnerability to cause functionality anomalies...

CVSS 7.5 | AI score 6.7 | EPSS 0.00514
Exploits 0 | References 3