204 matches found
SUSE CVE-2019-19579
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device and assignable-add is not used, because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's...
SUSE CVE-2021-3308
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors...
PT-2024-11781 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a null pointer dereference in the cxl/region component of the Linux kernel. This occurs when the cxl region decode reset function is called, and the -reset...
IBM MQ Internet Pass-Thru 日志日志信息泄露漏洞
IBM MQ Internet Pass-Thru is an International Business Machines IBM product for supporting the implementation of messaging between remote sites on the Internet. The product is an extended functionality component of IBM MQ that serves as a protocol channel or proxy for establishing protocols durin...
Tenda AC1206 Buffer Overflow Vulnerability (CNVD-2022-78498)
Tenda AC1206 is a wireless pass-through gigabit router from Tenda, China.Tenda AC1206 version V15.03.06.23 is vulnerable to a buffer overflow vulnerability caused by improper boundary checking of the formSetQosBand function. An attacker could exploit this vulnerability to overflow the buffer and...
kernel: iommu/amd: Fix I/O page table memory leak
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the logic to free memory used for the page table. This results in IOMMU page table memory leak, and can be...
DotNetNuke Vulnerable to XSS in Pass-Through Values
Cross-site scripting XSS vulnerability in the IFrame module before 03.02.01 for DotNetNuke DNN, caused by improper validation of user-supplied input by an unspecified script. Pass through values were not getting filtered, leaving them vulnerable to XSS. A remote attacker could exploit this...
GHSA-XR96-7CCP-PG5C DotNetNuke Vulnerable to XSS in Pass-Through Values
Cross-site scripting XSS vulnerability in the IFrame module before 03.02.01 for DotNetNuke DNN, caused by improper validation of user-supplied input by an unspecified script. Pass through values were not getting filtered, leaving them vulnerable to XSS. A remote attacker could exploit this...
PT-2022-7617 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fix Description: The issue is related to a memory leak in the IOMMU page table, which can be observed when launching VM with pass-through devices. This is due to the current logic updating the I/O page table...
February 8, 2022—KB5010422 (Security-only update)
February 8, 2022—KB5010422 Security-only update Summary Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. IMPORTANT Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached the...
HTML Cleaner allows crafted and SVG embedded scripts to pass through
...
Security update for ucode-intel (important)
openSUSE Security Update: Security update for ucode-intel Announcement ID: openSUSE-SU-2021:0876-1 Rating: important References: 1179833 1179836 1179837 1179839 Cross-References: CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 CVSS scores: CVE-2020-24489 SUSE: 8.8...
Lewd Phishing Lures Aimed at Business Explode
Attackers have amped up their use of X-rated phishing lures in business email compromise BEC attacks. A new report found a stunning 974-percent spike in social-engineering scams involving suggestive materials, usually aimed at male-sounding names within a company. The Threat Intelligence team wit...
Denial Of Service (DoS)
xen is vulnerable to denial of service. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service DoS to the entire host...
Xen IRQ Vector Leak DoS (XSA-360)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service DoS vulnerability. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X...
Denial Of Service (DoS)
Xen is vulnerable to Denial of Service DoS. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI-X entries that the...
Troubleshooting Citrix Pass-Through Authentication
This article outlines workarounds and resolutions to specific Citrix pass-through authentication issues. Common Pass-Through Authentication Issues and Inquiries Refer to the following links for information on common pass-through authentication issues and inquiries: Citrix Docs - Enabling...
Fedora 32 : xen (2021-16c9c40d4d)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-16c9c40d4d advisory. - An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the...
CVE-2021-3308
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors...
CVE-2021-3308
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors...