UBUNTU-CVE-2024-53114

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is reported to be a cause of a random host reboot. Thes...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue where the x86/CPU/AMD virtualization VMLOAD/VMSAVE instructions are incorrectly declared as availab...

Security update for ovmf

This update for ovmf fixes the following issues: CVE-2024-1298: Fixed potential UINT32 overflow in S3 ResumeCount bsc1225889. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...

Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability

Summary IBM Data Virtualization Manager for z/OS has a remote code execution RCE vulnerability. Vulnerability Details CVEID:CVE-2024-52899 DESCRIPTION: IBM Data Virtualization Manager for z/OS could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

Moderate: Red Hat Security Advisory: OpenShift Virtualization 4.13.11 Images

Red Hat OpenShift Virtualization release 4.13.11 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

CVE-2024-52899

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

CVE-2024-52899

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

CVE-2024-52899 IBM Data Virtualization Manager code execution

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

CVE-2024-52899 IBM Data Virtualization Manager code execution

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

CVE-2024-52899

IBM Data Virtualization Manager for z/OS is affected in v1.1 and v1.2 by a code-execution vulnerability where an authenticated user can inject malicious JDBC URL parameters to execute server code. Root cause: improper filtering of elements that form code segments (CRLF injection). Impact: remote ...

IBM Data Virtualization Manager 安全漏洞

IBM Data Virtualization Manager is a general-purpose query engine from International Business Machines IBM that performs distributed and virtualized queries across databases, data warehouses, data lakes, and streaming data. A code execution vulnerability exists in IBM Data Virtualization Manager...

PT-2024-35477 · Ibm · Ibm Data Virtualization Manager For Z/Os

Name of the Vulnerable Software and Affected Versions: IBM Data Virtualization Manager for z/OS versions 1.1 through 1.2 Description: The issue allows an authenticated user to inject malicious JDBC URL parameters and execute code on the server. Recommendations: For versions 1.1 and 1.2, consider...

IBM PowerVM Hypervisor 安全漏洞

IBM PowerVM Hypervisor is an application from International Business Machines IBM, Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS features and leading performance of the Power Systems platform. A security vulnerability exists in IBM...

UBUNTU-CVE-2024-53089

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Mark hrtimer to expire in hard interrupt context Like commit 2c0d278f3293f "KVM: LAPIC: Mark hrtimer to expire in hard interrupt context" and commit 9090825fa9974 "KVM: arm/arm64: Let the timer expire in hardirq...

Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability

Summary IBM Data Virtualization Manager for z/OS has a remote code execution RCE vulnerability in the JDBC component with fix pack dvm-jdbc-3.1.202406111013. Vulnerability Details CVEID: NA Description: Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during...

USN-7123-1 linux-azure vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service system crash or possibly expose sensitive information...

Moderate: Red Hat Security Advisory: qemu-kvm security update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

DEBIAN-CVE-2024-50296

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when uninstalling driver When the driver is uninstalled and the VF is disabled concurrently, a kernel crash occurs. The reason is that the two actions call function pcidisablesriov. The numVFs is check...

Unable to Interact with Some Hypervisors and Cloud Platforms

Veeam Backup & Replication 13.0.1 Upgrade Warning During the upgrade to Veeam Backup & Replication 13.0.1 or higher, the following warning may be displayed: Incompatible backup server certificate The certificate does not support child certificates creation and must be replaced for virtualization...

CVE-2024-51765

A security vulnerability has been identified in HPE Cray Data Virtualization Service DVS. Depending on configuration, this vulnerability may lead to local/cluster unauthorized access...