CVE-2026-31593 KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU Reject synchronizing vCPU state to its associated VMSA if the vCPU has already been launched, i.e. if the VMSA has already been encrypted. On a host wit...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46675)

usb: dwc3: core: A vulnerability where the USB core could access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and other memory issues in Exynos platforms. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot fo...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990852)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990852 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an...

Important: nvidia-open

Issue Overview: NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this vulnerability might lead to denial of service, data tampering, or...

CVE-2025-21880

In the Linux kernel, the following vulnerability has been resolved: drm/xe/userptr: fix EFAULT handling Currently we treat EFAULT from hmmrangefault as a non-fatal error when called from xevmuserptrpin with the idea that we want to avoid killing the entire vm and chucking an error, under the...

kernel: usb: dwc3: Wait unconditionally after issuing EndXfer command

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Wait unconditionally after issuing EndXfer command Currently all controller IP/revisions except DWC3usb3 = 310a wait 1ms unconditionally for ENDXFER completion when IOC is not set. This is because DWCusb3 controller...

AZL-52555 CVE-2024-50099 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Remove broken LDR literal uprobe support The simulateldrliteral and simulateldrswliteral functions are unsafe to use for uprobes. Both functions were originally written for use with kprobes, and access memory with...

AZL-49413 CVE-2024-46675 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an issue where the USB core could access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and othe...

USN-6528-1 openjdk-8 vulnerabilities

It was discovered that the HotSpot VM implementation in OpenJDK did not properly validate bytecode blocks in certain situations. An attacker could possibly use this to cause a denial of service. CVE-2022-40433 Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support...

The vulnerability of Blink’s web page display mechanism in Google Chrome browser allows a hacker to replace the user interface.

The vulnerability of Blink’s web page rendering mechanism in Google Chrome browsers is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to replace the user interface with a specially crafted HTML page...

USN-6161-1 dotnet6, dotnet7 vulnerabilities

It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. CVE-2023-24936 Kevin Jones discovered that .NET did not properly handle the AIA fetching process for...

CVE-2023-21459

Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault...

Slackware: Security Advisory (SSA:2023-033-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-39853

A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault...

CVE-2021-3492

Shiftfs is affected in the Ubuntu Linux kernel; a fault in copy_from_user() handling can cause a double-free or leaked memory, enabling local denial of service (kernel memory exhaustion) or privilege escalation. The vulnerability is documented as CVE-2021-3492, with Ubuntu/security advisories (e....

PT-2021-8266 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.0-rc5-01361-ge3c1b78c8440-dirty Description: The issue is related to the radix set pte at function in the Linux kernel, which does not properly order the update of the Page Table Entry PTE with subsequent...

The vulnerability of the VBScript script handler in Internet Explorer allows a hacker to execute arbitrary code.

The vulnerability of VBScript script handlers in Internet Explorer is related to errors in memory object handling. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

WAGO PFC 200 Buffer Overflow Vulnerability

The WAGO PFC 200 is a programmable logic controller PLC from the German company WAGO. A buffer overflow vulnerability exists in the I/O-Check function in the WAGO PFC 200. The vulnerability originates when a networked system or product performs an operation on memory without properly validating...

PT-2017-15604 · Libxls · Libxls

Name of the Vulnerable Software and Affected Versions: libxls versions 1.3.4 through 1.4.0 Description: An out-of-bounds write vulnerability exists in the xls mergedCells function of libxls, allowing a specially crafted XLS file to cause memory corruption, potentially resulting in remote code...

Microsoft Windows Graphics Component Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Graphics is one of the graphics driver components. An elevated privilege vulnerability exists in Graphics in Microsoft Windows, which stems from the Graphics component failing to properly handle objec...