108 matches found
UBUNTU-CVE-2024-36965
In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM L2TCM size that is defined in the...
QEMU: improper IDE controller reset can lead to MBR overwrite
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
CVE-2024-3744 Kubernetes azure-file-csi-driver in versions before 1.29.4 and 1.30.1 discloses service account tokens in logs
A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged whe...
Sonic Technology Shopfloor.guide 安全漏洞
Sonic Technology Shopfloor.guide is an application from Sonic Technology, Inc. A security vulnerability exists in Sonic Technology Shopfloor.guide versions prior to 3.1.3. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the level2 parameter...
PT-2024-24323 · Unknown · Sonic Shopfloor.Guide
Name of the Vulnerable Software and Affected Versions: Sonic Shopfloor.guide versions prior to 3.1.3 Description: A SQL injection issue in unit.php allows remote attackers to execute arbitrary SQL commands via the level2 parameter. This enables attackers to manipulate database queries, potentiall...
SUSE CVE-2024-26990
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Check kvmmmupageadneedwriteprotect when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU accounts for any...
DEBIAN-CVE-2024-26990
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Check kvmmmupageadneedwriteprotect when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU accounts for any...
Linux kernel 安全漏洞
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel, which stems from a failure to write-protect the TDP MMU SPTE will result in writes performed by L2 not being reflected in dirty logs...
SUSE CVE-2021-47092
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx-fail on emulationrequired Revert a relatively recent change that set vmx-fail if the vCPU is in L2 and emulationrequired is true, as that behavior is completely bogus. Setting vmx-fail and synthesizing ...
DEBIAN-CVE-2023-5088
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
SUSE CVE-2023-5088
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
PT-2023-25868 · Unknown · Tekton Pipelines
Name of the Vulnerable Software and Affected Versions: Tekton Pipelines versions 0.35.0 and later Description: The Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user...
CVE-2022-47986
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. T...
SUSE CVE-2015-4490
The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote...
SUSE CVE-2015-7835
The modl2entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping...
SUSE CVE-2016-9816
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service host crash via vectors involving an asynchronous abort while at EL2...
SUSE CVE-2022-3344
A flaw was found in the KVM's AMD nested virtualization SVM. A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest L2, possibly leading to a page fault and kernel panic in the host L0...
PT-2023-1609 · Ibm · Ibm Aspera Faspex
Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 4.4.2 Patch Level 1 and earlier Description: The issue is related to a YAML deserialization flaw, allowing a remote attacker to execute arbitrary code on the system by sending a specially crafted obsolete API call...
kernel: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 Remove WARNs that sanity check that KVM never lets a triple fault for L2 escape and incorrectly end up in L1. In normal operation, the sanity check is...
A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2) possibly leading to a page fault and kernel panic in the host (L0).
...