12996 matches found

Vulnrichment
added 2025/07/01 1:0 a.m., 6 views

CVE-2025-36056 IBM System Storage Virtualization Engine TS7700 cross-site scripting

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI...

CVSS 5.4 | AI score 6.4 | EPSS 0.00167
Exploits: 0 | References: 1

BDU FSTEC
added 2025/07/01 12:0 a.m., 4 views

The vulnerability of the arch/x86/kvm component of the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the arch/x86/kvm component of the Linux operating system’s kernel is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6.7 | EPSS 0.00203
Exploits: 0 | References: 15 | Affected Software: 4

CNNVD
added 2025/07/01 12:0 a.m., 4 views

IBM System Storage Virtualization Engine TS7700 cross-site scripting vulnerability

IBM System Storage Virtualization Engine TS7700 is a data storage repository from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM System Storage Virtualization Engine TS7700 that stems from vulnerability to cross-site scripting attacks...

CVSS 5.4 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 2

CNNVD
added 2025/07/01 12:0 a.m., 4 views

IBM System Storage Virtualization Engine TS7700 cross-site scripting vulnerability

IBM System Storage Virtualization Engine TS7700 is a data repository from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM System Storage Virtualization Engine TS7700, which stems from susceptibility to cross-site scripting attacks that could lead to...

CVSS 6.1 | AI score 5.7 | EPSS 0.00183
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/06/30 8:7 p.m., 5 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a Denial of Service (CVE-2025-23184) due to the use of WebSphere Application Server Liberty

Summary: IBM Virtualization Engine TS7700 is susceptible to a denial of service associated with the use of WebSphere Application Server Liberty (CVE-2025-23184), which is used in its Management Interface. Under certain rare conditions, CachedOutputStream instances may not close properly. If these...

CVSS 7.5 | AI score 7 | EPSS 0.01941
Exploits: 0 | Affected Software: 3

IBM Security Bulletins
added 2025/06/30 8:5 p.m., 7 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to Cross-Site Scripting in the Management Interface

Summary: IBM Virtualization Engine TS7700 is susceptible to information disclosure and privilege escalation (CVE-2025-2141). An attacker can perform Cross-Site Scripting (XSS) attacks on the IBM TS7700 Management Interface, allowing them to redirect users to malicious websites (phishing), create malicio...

CVSS 6.1 | AI score 6.4 | EPSS 0.00183
Exploits: 0 | Affected Software: 3

Positive Technologies
added 2025/06/30 12:0 a.m., 6 views

PT-2025-33551

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to Secure TSC frequency calculation in SEV-SNP VMs. The GUEST TSC FREQ MSR reports a frequency based on the nominal P0 frequency, which deviate...

CVSS 8.5 | AI score 6.2 | EPSS 0.07142
Exploits: 3 | References: 533

IBM Security Bulletins
added 2025/06/27 10:37 p.m., 8 views

Security Bulletin: This Power System update is being released to address CVE-2025-0395

Summary: The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console and by the Runtime Processor Diagnostics in PowerVM. This bulletin provides a remediation for the impacted vulnerability, CVE-2025-0395, by...

CVSS 6.2 | AI score 7.7 | EPSS 0.00349
Exploits: 0

CVE
added 2025/06/27 5:4 p.m., 33 views

CVE-2025-46708

CVE-2025-46708 affects Imagination Technologies PowerVR-GPU driver. The issue arises when software inside a Guest VM makes improper GPU system calls, delaying or blocking the GPU for other guests and preventing them from processing workloads. The vulnerability is described as enabling guest VMs t...

CVSS 4.3 | AI score 6.5 | EPSS 0.00165
Exploits: 0 | References: 1 | Affected Software: 1

Fedora
added 2025/06/26 1:17 a.m., 4 views

[SECURITY] Fedora 42 Update: libtpms-0.10.1-1.fc42

A library providing TPM functionality for VMs. Targeted for integration into Qemu...

CVSS 5.9 | AI score 7 | EPSS 0.00132
Exploits: 0

BDU FSTEC
added 2025/06/25 12:0 a.m., 4 views

The vulnerability of the ioapic_write_indirect() function in the arch/x86/kvm/ioapic.c module of the virtualization subsystem on the Linux operating system’s x86 kernel platform allows an attacker to cause a service failure.

The vulnerability of the ioapic_write_indirect() function in the arch/x86/kvm/ioapic.c module of the virtualization subsystem on the Linux operating system’s x86 kernel platform is related to reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to cause a servic...

CVSS 7.1 | AI score 6.8 | EPSS 0.00259
Exploits: 0 | References: 10 | Affected Software: 1

BDU FSTEC
added 2025/06/25 12:0 a.m., 4 views

The vulnerability of the _GLOBAL_TOC function in the arch/powerpc/kvm/book3s_hv_rmhandlers.S module of the virtualization subsystem on the PowerPC platform in the Linux operating system allows an attacker to execute arbitrary code with elevated privileges or cause a service failure.

The vulnerability of the _GLOBAL_TOC function in the arch/powerpc/kvm/book3s_hv_rmhandlers.S module of the virtualization subsystem on the PowerPC platform in the Linux operating system is related to a stack-based buffer overflow. Exploiting this vulnerability could allow an attacker to execute...

CVSS 7.1 | AI score 6.7 | EPSS 0.00224
Exploits: 0 | References: 12 | Affected Software: 1

CNNVD
added 2025/06/25 12:0 a.m., 1 views

qCUDA input validation error vulnerability

qCUDA is a virtualization software by the individual developer of coldfunction. An input validation error vulnerability exists in qCUDA that stems from the qcowmakeempty function mishandling the parameter s-l1size, which could lead to an integer overflow...

CVSS 5.3 | AI score 5.5 | EPSS 0.00134
Exploits: 0 | References: 5

Positive Technologies
added 2025/06/25 12:0 a.m., 4 views

PT-2025-30134

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the KVM component related to handling hypercalls HVCALL FLUSH VIRTUAL ADDRESS LIST and HVCALL FLUSH VIRTUAL ADDRESS LIST EX within KVM guests utilizin...

CVSS 6.8 | AI score 6.4 | EPSS 0.00157
Exploits: 0

RedHat Linux
added 2025/06/24 2:16 a.m., 2 views

microcode_ctl: From CVEorg collector

A flaw was found in the Branch Prediction Unit (BPU) of Intel's Lion Core CPUs that makes it possible for an attacker to bypass Indirect Branch Predictor Barrier (IBPB) protections. By employing branch predictor training techniques as described in the "Training Solo" publication, an attacker with loca...

CVSS 6.8 | AI score 6.7 | EPSS 0.00159
Exploits: 0 | References: 6

Rosalinux
added 2025/06/23 7:22 a.m., 14 views

Advisory ROSA-SA-2025-2897

Software: openssl 1.1.1k; OS: ROSA Virtualization 2.1; packageevrstring: openssl-1.1.1.1k-14.0.1.rv3; CVE-ID: CVE-2019-1547; BDU-ID: 2019-04084; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the ecerr.c and eclib.c functions of the OpenSSL library is related to the lack of data encryption measures...

CVSS 10 | AI score 9.2 | EPSS 0.95764
Exploits: 15

BDU FSTEC
added 2025/06/23 12:0 a.m., 7 views

The vulnerability of the kvm_riscv_vcpu_sbi_init() function in the arch/riscv/kvm/vcpu_sbi.c module of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the kvm_riscv_vcpu_sbi_init() function in the arch/riscv/kvm/vcpu_sbi.c module of the Linux operating system is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protect...

CVSS 7.8 | AI score 7.1 | EPSS 0.00234
Exploits: 0 | References: 9 | Affected Software: 1

BDU FSTEC
added 2025/06/23 12:0 a.m., 6 views

The vulnerability of the `trace_kvm_nested_vmenter_failed()` function in the `arch/x86/kvm/trace.h` module of the virtualization subsystem on the Linux x86 kernel platform allows an attacker to access protected information or cause service failures.

The vulnerability of the trace_kvm_nested_vmenter_failed() function in the arch/x86/kvm/trace.h module of the virtualization subsystem on the Linux x86 kernel platform is related to improper control of resource identifiers (“resource injection”). Exploiting this vulnerability may allow an attacker to...

CVSS 7.1 | AI score 6.6 | EPSS 0.0023
Exploits: 0 | References: 12 | Affected Software: 1

BDU FSTEC
added 2025/06/23 12:0 a.m., 7 views

The vulnerability of the emulator_get_hflags() function in the arch/x86/kvm/x86.c module of the virtualization subsystem on the Linux x86 kernel platform allows an attacker to compromise the integrity and accessibility of protected information.

The vulnerability of the emulator_get_hflags() function in the arch/x86/kvm/x86.c module of the virtualization subsystem on the Linux x86 kernel platform is related to the dereferencing of the NULL pointer. Exploiting this vulnerability could allow an attacker to compromise the integrity and...

CVSS 6.6 | AI score 6.5 | EPSS 0.00232
Exploits: 0 | References: 12 | Affected Software: 1

BDU FSTEC
added 2025/06/23 12:0 a.m., 5 views

The vulnerability of the kvm_vm_ioctl_unregister_coalesced_mmio() function in the virt/kvm/coalesced_mmio.c module of the Linux Kernel-Based Virtual Machine (KVM) virtualization subsystem allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the kvm_vm_ioctl_unregister_coalesced_mmio() function in the virt/kvm/coalesced_mmio.c module of the Linux Kernel-Based Virtual Machine (KVM) virtualization subsystem is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to...

CVSS 7.8 | AI score 6.4 | EPSS 0.00252
Exploits: 0 | References: 14 | Affected Software: 1