Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

RHEL confidential virtual machines on Azure: A technical deep dive

The Red Hat Enterprise Linux 9.2 CVM Preview image for Azure confidential VMs has been released, and it represents an important step forward in confidential virtual machines. In this article, I focus on the changes Implemented to support the emerging confidential computing use-case, and some of the expected changes in the future. For this article, I'm using confidential virtual machines (CVMs) with the Technology Preview of Red Hat Enterprise Linux 9.2, running as a guest on Microsoft Azure confidential VMs. This builds on my previous post in which I discussed the high-level requirements fo

Red Hat Blog
Open in Source
#mac#microsoft#linux#red_hat#backdoor#amd
CVE-2023-3220

An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference.

CVE-2023-2533: PaperCut: Print management software

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.

CVE-2020-20703: UAF: Access violation near NULL on destination operand · Issue #5041 · vim/vim

Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter.

CVE-2023-34600: Home - Adiscon LogAnalyzer

Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.

Symantec SiteMinder WebAgent 12.52 Cross Site Scripting

Symantec SiteMinder WebAgent version 12.52 suffers from a cross site scripting vulnerability.

Red Hat Security Advisory 2023-3677-01

Red Hat Security Advisory 2023-3677-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-3665-01

Red Hat Security Advisory 2023-3665-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

WordPress Theme Medic 1.0.0 Weak Password Recovery Mechanism

WordPress Theme Medic theme version 1.0.0 suffers from having a weak password recovery mechanism for the forgot password flow.

Tenda AC6 AC1200 15.03.06.50_multi Cross Site Scripting

Tenda AC6 AC1200 version 15.03.06.50_multi suffers from a persistent cross site scripting vulnerability.