Lucene search
+L

204 matches found

Tenable Nessus
Tenable Nessus
added 2024/08/22 12:0 a.m.18 views

SUSE SLES15: xen / xen-devel / xen-libs / xen-tools / xen-tools-domU / etc (SUSE-SU-2024:2994-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2994-1 advisory. - CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping XSA-460, bsc1228574 - CVE-2024-31146: Fixed PCI device...

7.5CVSS6.8AI score0.00235EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2024/08/20 5:27 a.m.18 views

Thousands of Oracle NetSuite Sites at Risk of Exposing Customer Information

Cybersecurity researchers are warning about the discovery of thousands of externally-facing Oracle NetSuite e-commerce sites that have been found susceptible to leaking sensitive customer information. "A potential issue in NetSuite's SuiteCommerce platform could allow attackers to access sensitiv...

6.7AI score
Exploits0
Xen Project
Xen Project
added 2024/08/13 12:0 p.m.28 views

PCI device pass-through with shared resources

ISSUE DESCRIPTION When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration canno...

7.5CVSS7.1AI score0.00235EPSS
Exploits0
Citrix
Citrix
added 2024/07/13 12:0 a.m.12 views

Screen Refresh Issues Through a Seamless Pass-Through Session

The screen might not repaint properly because of a poor refresh rate. Therefore, certain areas of the application appear grayed out or distorted. This happens when running an application in seamless mode while utilizing the pass-through client on the server. Manually refreshing the application do...

7.1AI score
Exploits0
Citrix
Citrix
added 2024/07/13 12:0 a.m.10 views

Domain Pass-through to StoreFront Cannot Launch XenDesktop

...

7.2AI score
Exploits0
Citrix
Citrix
added 2024/07/13 12:0 a.m.11 views

Pass-through Authentication Might Fail Starting Publish Desktops with StoreFront and Desktop Viewer

Pass-through authentication to StoreFront does not work when starting XenApp published desktops. When users log on to the client workstation with Windows Active Directory AD credentials, the Receiver starts and successfully passes the user credentials to the configured Store and displays availabl...

7.3AI score
Exploits0
OSV
OSV
added 2024/05/21 4:15 p.m.4 views

UBUNTU-CVE-2022-48707

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix null pointer dereference for resetting decoder Not all decoders have a reset callback. The CXL specification allows a host bridge with a single root port to have no explicit HDM decoders. Currently the region driv...

5.5CVSS5.7AI score0.00205EPSS
Exploits0References5
OSV
OSV
added 2024/05/01 5:15 p.m.3 views

CVE-2024-25015

IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all available resources. IBM X-Force ID: 281278...

7.5CVSS5.8AI score0.00925EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.6 views

PT-2024-6879 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.5 Description: The issue is related to a path traversal vulnerability that allows a remote unauthenticated attacker to bypass authentication. This is due to incorrect restriction of the path name to a...

9.8CVSS7.4AI score0.3776EPSS
Exploits0References11
OSV
OSV
added 2024/02/29 3:52 p.m.5 views

CVE-2024-26620 s390/vfio-ap: always filter entire AP matrix

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfioapmdevfiltermatrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...

7.5CVSS5.6AI score0.0095EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/01/17 12:0 a.m.5 views

PT-2024-3785 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the vfio ap mdev filter matrix function in the Linux kernel, which is responsible for updating the guest's AP configuration by filtering the matrix of adapters...

7.8CVSS6.6AI score0.78388EPSS
Exploits8References1497
RedHat Linux
RedHat Linux
added 2023/11/14 3:46 p.m.4 views

kernel: dmaengine: ptdma: check for null desc before calling pt_cmd_callback

AMD PTDMA Pass-Through DMA engine crashes the kernel when ptissuepending encounters empty descriptor queues. The function blindly invokes ptcmdcallback without verifying that a valid descriptor exists, triggering a NULL pointer dereference. This commonly surfaces during system shutdown on AMD...

7.3AI score0.00161EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/07/05 2:13 a.m.2 views

SUSE CVE-2023-2861

A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...

7.5CVSS6.6AI score0.00376EPSS
Exploits0References10
NVD
NVD
added 2023/03/21 1:15 p.m.24 views

CVE-2022-42333

x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

8.6CVSS7.2AI score0.01189EPSS
Exploits0References7
F5 Networks
F5 Networks
added 2023/02/21 6:45 p.m.61 views

K39604784: BIG-IP system incorrectly forwards VLAN-tagged frames with STP at Pass Through mode

Security Advisory Description The BIG-IP system incorrectly forwards VLAN-tagged frames, even if the VLAN is not defined on the ingress interface, when Spanning Tree Protocol STP is set to Pass Through mode. Note : The following BIG-IP platforms are not affected: BIG-IP 2000s/2200s BIG-IP...

6.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:18 a.m.2 views

SUSE CVE-2015-4105

Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service host disk consumption via certain invalid operations...

4.9CVSS6.4AI score0.00478EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:18 a.m.2 views

SUSE CVE-2015-4106

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service host crash, obtain sensitive information, or possibly have other unspecified impact via unknown vectors...

4.6CVSS7.2AI score0.00483EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.5 views

SUSE CVE-2017-14431

Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service ARM or x86 AMD host OS memory consumption by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207...

5.5CVSS8.7AI score0.00338EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.3 views

SUSE CVE-2019-18424

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to...

7.6CVSS6.2AI score0.00497EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.4 views

SUSE CVE-2019-19577

An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number ...

7.2CVSS7.5AI score0.00503EPSS
Exploits0References12
Rows per page
Query Builder