13007 matches found

OSV
added 2024/05/10 2:32 p.m. | 31 views

RLSA-2024:2560 Moderate: libvirt security and bug fix update

The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fixes: libvirt: off-by-one error in udevListInterfacesByStatus...

CVSS 6.2 | AI score 6.5 | EPSS 0.00398
Exploits: 0 | References: 3

Rockylinux
added 2024/05/10 2:32 p.m. | 38 views

libvirt security and bug fix update

An update is available for libvirt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libvirt library contains a C API for managing and interacting with the...

CVSS 6.2 | AI score 7.3 | EPSS 0.00398
Exploits: 0

OSV
added 2024/05/10 11:7 a.m. | 3 views

OESA-2024-1564 sos security update

Sos is an extensible, portable, support data collection tool primarily aimed at Linux distributions and other UNIX-like operating systems. Security Fixes: It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el86,...

CVSS 5.5 | AI score 7.1 | EPSS 0.00233
Exploits: 0 | References: 2

RedHat Linux
added 2024/05/08 1:4 a.m. | 7 views

kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs

A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition...

CVSS 6 | AI score 6.8 | EPSS 0.00234
Exploits: 0 | References: 4

Rosalinux
added 2024/05/07 8:22 a.m. | 30 views

Advisory ROSA-SA-2024-2417

Software: faad2 2.8.8 OS: ROSA Virtualization 2.1 packageevrstring: faad2-2.8.8-6.0.1.rv3 CVE-ID: CVE-2021-32272 BDU-ID: 2022-01810 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the stszin function of the mp4read.c component of the Freeware Advanced Audio Decoder 2 FAAD2 audio decoder is related t...

CVSS 7.8 | AI score 7.5 | EPSS 0.01218
Exploits: 1

Rosalinux
added 2024/05/07 8:18 a.m. | 20 views

Advisory ROSA-SA-2024-2416

Software: binutils 2.30 OS: ROSA Virtualization 2.1 packageevrstring: binutils-2.30-108.0.1.rv3.1 CVE-ID: CVE-2021-37322 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: GCC c++filt v2.26 was found to contain a post-release exploitation vulnerability via the cplus-dem.c component. CVE-STATUS: Not Relevant...

CVSS 7.8 | AI score 7.4 | EPSS 0.00853
Exploits: 1

IBM Security Bulletins
added 2024/05/06 10:5 p.m. | 30 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to the use of IBM Db2

Summary IBM Virtualization Engine TS7700 is susceptible to the vulnerabilities listed below due to the embedded use of IBM Db2. IBM Db2 is used in TS7700 to store metadata about the data it manages. CVE-2023-30431, CVE-2023-29257, CVE-2023-26021, CVE-2023-25930, CVE-2023-27559, CVE-2023-40692...

CVSS 8.4 | AI score 8.2 | EPSS 0.01513
Exploits: 0 | Affected Software: 3

SUSE CVE
added 2024/05/03 2:9 a.m. | 2 views

SUSE CVE-2024-26949

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Because powerplay_table initialization is skipped under sriov case, We check and set default lower and upper OD value if powerplay_table is NULL...

CVSS 5.5 | AI score 6.8 | EPSS 0.00243
Exploits: 0 | References: 13

SUSE CVE
added 2024/05/03 2:9 a.m. | 2 views

SUSE CVE-2024-26990

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Check kvm_mmu_page_ad_need_write_protect when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU accounts for any...

CVSS 5.5 | AI score 6.8 | EPSS 0.00224
Exploits: 0 | References: 10

SUSE CVE
added 2024/05/03 2:9 a.m. | 10 views

SUSE CVE-2024-26992

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS Drop support for virtualizing adaptive PEBS, as KVM's implementation is architecturally broken without an obvious/easy path forward, and because exposing adaptive PEBS can leak host...

CVSS 3.3 | AI score 6.4 | EPSS 0.00221
Exploits: 0 | References: 10

Rosalinux
added 2024/05/02 9:4 a.m. | 43 views

Advisory ROSA-SA-2024-2411

Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-22.rv3.src.rpm CVE-ID: CVE-2021-22897 BDU-ID: 2022-00375 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Transport Layer Security TLS protocol implementation of the libcurl library is due to security flaws in the...

CVSS 9.8 | AI score 7.6 | EPSS 0.0982
Exploits: 6

Rosalinux
added 2024/05/02 7:56 a.m. | 26 views

Advisory ROSA-SA-2024-2410

Software: cloud-init 20.3 OS: ROSA Virtualization 2.1 packageevrstring: cloud-init-20.3-10.el84.5.src.rpm CVE-ID: CVE-2021-3429 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When instructing Cloud-init to set a random password for a new version user account, Cloud-init wrote that password to the publi...

CVSS 5.5 | AI score 7.3 | EPSS 0.00236
Exploits: 0

OSV
added 2024/05/01 6:15 a.m. | 1 view

DEBIAN-CVE-2024-26991

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes Fix KVM_SET_MEMORY_ATTRIBUTES to not overflow lpage_info array and trigger KASAN splat, as seen in the private_mem_conversions_test selftest. When memory attributes ar...

CVSS 5.5 | AI score 5.7 | EPSS 0.00227
Exploits: 0 | References: 1

OSV
added 2024/05/01 6:15 a.m. | 1 view

DEBIAN-CVE-2024-26990

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Check kvm_mmu_page_ad_need_write_protect when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU accounts for any...

CVSS 5.5 | AI score 5.5 | EPSS 0.00224
Exploits: 0 | References: 1

OSV
added 2024/05/01 6:15 a.m. | 2 views

DEBIAN-CVE-2024-26976

In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async PF workqueue when vCPU is being destroyed Always flush the per-vCPU async PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed. KVM must ensure tha...

CVSS 7 | AI score 5.7 | EPSS 0.00259
Exploits: 0 | References: 1

OSV
added 2024/05/01 6:15 a.m. | 2 views

UBUNTU-CVE-2024-26992

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS Drop support for virtualizing adaptive PEBS, as KVM's implementation is architecturally broken without an obvious/easy path forward, and because exposing adaptive PEBS can leak host...

CVSS 3.3 | AI score 6.6 | EPSS 0.00221
Exploits: 0 | References: 11

OSV
added 2024/05/01 6:15 a.m. | 1 view

UBUNTU-CVE-2024-26990

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Check kvm_mmu_page_ad_need_write_protect when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU accounts for any...

CVSS 5.5 | AI score 6.6 | EPSS 0.00224
Exploits: 0 | References: 10

OSV
added 2024/05/01 6:15 a.m. | 3 views

UBUNTU-CVE-2024-26991

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes Fix KVM_SET_MEMORY_ATTRIBUTES to not overflow lpage_info array and trigger KASAN splat, as seen in the private_mem_conversions_test selftest. When memory attributes ar...

CVSS 5.5 | AI score 6.5 | EPSS 0.00227
Exploits: 0 | References: 9

OSV
added 2024/05/01 6:15 a.m. | 1 view

UBUNTU-CVE-2024-26976

In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async PF workqueue when vCPU is being destroyed Always flush the per-vCPU async PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed. KVM must ensure tha...

CVSS 7 | AI score 6.2 | EPSS 0.00259
Exploits: 0 | References: 30

RedHat Linux
added 2024/05/01 12:42 a.m. | 4 views

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

CVSS 7.1 | AI score 6.7 | EPSS 0.00247
Exploits: 0 | References: 6