CVE-2024-38807

CVE-2024-38807 describes a signature forgery vulnerability in VMware Spring Boot/loader components where signature verification of nested JARs can be bypassed, enabling content signed by one signer to appear signed by another. The NVD summary matches this description. Connected advisories identif...

SUSE CVE-2024-43398

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

PT-2024-28229

Name of the Vulnerable Software and Affected Versions Spring Boot versions 2.7.0 through 2.7.21 Spring Boot versions 3.0.0 through 3.0.16 Spring Boot versions 3.1.0 through 3.1.12 Spring Boot versions 3.2.0 through 3.2.8 Spring Boot versions 3.3.0 through 3.3.2 Description Applications that use...

AZL-48156 CVE-2024-43398 affecting package rubygem-rexml for versions less than 3.3.9-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

AZL-48150 CVE-2024-43398 affecting package ruby for versions less than 3.1.7-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

DEBIAN-CVE-2024-43398

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

AZL-48154 CVE-2024-43398 affecting package rubygem-rexml for versions less than 3.2.9-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

ALPINE-CVE-2024-43398

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

UBUNTU-CVE-2024-43398

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

PT-2024-32233

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.10.0-rc7-332d2c1d713e-next-vm 552 Description The issue is related to the KVM Kernel-based Virtual Machine component in the Linux kernel. Specifically, it involves the handling of KVM SET VCPU EVENTS, where KVM...

CVE-2024-43880

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...

kernel: KVM: x86: nSVM: fix potential NULL derefernce on nested migration

A vulnerability was found in the nested.c file in the Linux kernel's KVM driver, where a potential NULL dereference can occur. This happens when the call to load the nested state is executed before Nested Page Tables NPT are enabled, preventing access to guest memory, lead to system instability a...

CVE-2024-43880 mlxsw: spectrum_acl_erp: Fix object nesting warning

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...

CVE-2024-43880 mlxsw: spectrum_acl_erp: Fix object nesting warning

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but the...

CVE-2024-43835 virtio_net: Fix napi_skb_cache_put warning

In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix napiskbcacheput warning After the commit bdacf3e34945 "net: Use nested-BH locking for napialloccache." was merged, the following warning began to appear: WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the lib:objagg library not properly handling nested cases when aggregating objects, leading to multiple warnings...

ROS-20240816-12

Vulnerability of setupdscconfig function in drivers/gpu/drm/amd/display/dc/dsc/dcdsc.c module of driver amdgpu of the Linux operating system kernel is related to a lack of input validation. Exploitation the vulnerability could allow an attacker to cause a denial of service A vulnerability in the...

AMD Secure Processor和AMD Secure Encrypted Virtualization 安全漏洞

AMD Secure Encrypted Virtualization and AMD Secure Processor ASP are both products of Ultraviolet Semiconductor AMD, Inc.AMD Secure Encrypted Virtualization is a software application. Hardware-accelerated memory encryption to protect data in use.AMD Secure Processor is a standalone ARM Coretex-A5...

AMD Secure Processor和AMD Secure Encrypted Virtualization 安全漏洞

AMD Secure Encrypted Virtualization and AMD Secure Processor ASP are both products of Ultraviolet Semiconductor AMD, Inc.AMD Secure Encrypted Virtualization is a software application. Hardware-accelerated memory encryption to protect data in use.AMD Secure Processor is a standalone ARM Coretex-A5...

AMD Secure Processor和AMD Secure Encrypted Virtualization 安全漏洞

AMD Secure Encrypted Virtualization and AMD Secure Processor ASP are both products of Ultraviolet Semiconductor AMD, Inc.AMD Secure Encrypted Virtualization is a software application. Hardware-accelerated memory encryption to protect data in use.AMD Secure Processor is a standalone ARM Coretex-A5...