Dark C0d3rs (https://darkcoders.wiki) > Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log) > Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
Thread: HackerOne Disclosed Reports - 2025-03-07 (/Thread-HackerOne-Disclosed-Reports-2025-03-07)
HackerOne disclosed reports - 2025-03-07 - hashXploiter - 03-08-2025
Medium / resolved: Deadlock in x86 HVM standard VGA handling
Reported by styxs; disclosed March 7, 2025, 8:37 pm | Weakness: Improper Input Validation
The Xen hypervisor contained a vulnerability in its handling of standard VGA memory accesses for HVM guests. The locking mechanism used had an unusual discipline that could lead to a deadlock when emulating an instruction with two memory accesses to VGA memory. The vulnerability was acknowledged by the Xen project, which released patches and a security advisory. The issue was addressed by backporting the removal of the affected feature.

Medium / resolved: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
Reported by ch4n3.yoon; disclosed March 7, 2025, 7:49 pm | Weakness: Uncontrolled Resource Consumption
A possible ReDoS vulnerability was discovered in the query parameter filtering routines of Action Dispatch in Ruby on Rails. The vulnerability was assigned the CVE identifier CVE-2024-41128. Affected versions: earlier than 8.0.0.beta1. The issue was addressed in fixed versions 7.2.1.1, 7.1.4.1, 7.0.8.5, and 6.1.7.9. Rails applications using Ruby 3.2 or newer were not affected.
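The Action Dispatch entry above describes a regex-based query parameter filter that could be driven into excessive backtracking. The following is an added example, not code from Rails or from the report, showing how the same job (masking sensitive values in a raw query string) can be done in one linear pass with plain string operations, so a crafted query cannot inflate the cost. The names `filter_query`, `filter_pair` and `sensitive_key?` are mine; the assumptions are that pairs are separated by "&" or ";", that a pair splits on its first "=" only, and that a key is filtered when it contains any configured filter name case-insensitively (the substring semantics Rails applies to string filters).

```ruby
# Added example; not Rails' own code. Masks sensitive values in a raw query
# string using single-pass string operations, so the cost is linear in the
# input length and cannot be driven into regex backtracking by a crafted
# query. Assumptions (mine, not from the report): pairs are separated by
# "&" or ";", a pair splits on its first "=" only, and a key is filtered
# when it contains any configured filter name, case-insensitively.

FILTERED = "[FILTERED]"

# Decide whether a parameter key should have its value masked.
# Substring match on the lowercased key, e.g. "password_confirmation"
# is filtered by the name "password".
def sensitive_key?(key, filters)
  lowered = key.downcase
  filters.any? { |name| lowered.include?(name.to_s.downcase) }
end

# Mask one "key=value" fragment. partition splits on the first "=" only,
# so a value containing "=" is kept whole. A fragment with no "=" is
# passed through untouched because there is no value to hide.
def filter_pair(fragment, filters)
  key, eq, value = fragment.partition("=")
  return fragment if eq.empty?

  sensitive_key?(key, filters) ? "#{key}=#{FILTERED}" : "#{key}=#{value}"
end

# Walk the query string once. Splitting on a capture group keeps the
# separators in the result, so the original "&"/";" layout is preserved
# when the pieces are joined back. A single-character-class split is a
# plain linear scan; no alternation or nested quantifier is ever applied
# to attacker-controlled text. The -1 limit keeps trailing empty pieces
# so "a=1&" round-trips as "a=1&".
def filter_query(query, filters)
  query.split(/([&;])/, -1).map do |piece|
    piece == "&" || piece == ";" ? piece : filter_pair(piece, filters)
  end.join
end

if __FILE__ == $PROGRAM_NAME
  puts filter_query("user=alice&password=hunter2;token=abc", %w[password token])
  # user=alice&password=[FILTERED];token=[FILTERED]
end
```

Because no regular expression with a variable-length quantifier is applied to the query, the worst case for a long key with no "=" is one `partition` call over the string; if a codebase must keep a regex-based filter, Ruby 3.2's `Regexp.timeout=` is the matching backstop, which is consistent with the report's note that Ruby 3.2 and newer were not affected.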