Vulnerabilities fixed in Citrix Hypervisor

Citrix has fixed vulnerabilities in Hypervisor. The vulnerabilities allow a malicious person with the right to execute code execute code in the guest be able to obtain system data, appropriate assign privileges on the host or cause a denial-of-service cause a Denial-of-Service on the host. Citrix...

Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values which trigger an out-of-bounds write.

...

CVE-2020-17401

This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...

CVE-2018-6981

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the...

CVE-2018-6974

VMware ESXi 6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG, Workstation 14.x before 14.1.3 and Fusion 10.x before 10.1.3 contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host...

CVE-2018-6973

VMware Workstation 14.x before 14.1.3 and Fusion 10.x before 10.1.3 contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host...

openSUSE Security Update : libvirt (openSUSE-2018-358) (Spectre)

This update for libvirt and virt-manager fixes the following issues : Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' var2 bsc1079869. - CVE-2018-6764: Fixed guest executable code injection via libnssdns.so loaded by libvirtlxc before init...

SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2018:0920-1) (Spectre)

This update for libvirt and virt-manager fixes the following issues: Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' var2 bsc1079869. - CVE-2018-6764: Fixed guest executable code injection via libnssdns.so loaded by libvirtlxc before init...

CVE-2017-4949

VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default...

VMware Fusion Memory Corruption Vulnerability (VMSA-2017-0005) - Mac OS X

VMware Fusion is prone to a memory corruption vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vmware:fusion";...

CVE-2017-4901

The drag-and-drop DnD function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion...

Design/Logic Flaw

The drag-and-drop DnD function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion...

VMware ESXi updates address critical and moderate security issues (VMSA-2017-0006)

VMware ESXi updates address critical and moderate security issues. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-7083

VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service host OS memory corruption via TrueType fonts embedd...

spice: memory corruption in worker_update_monitors_config()

A race condition flaw, leading to a heap-based memory corruption, was found in spice's workerupdatemonitorsconfig function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with th...

UBUNTU-CVE-2014-0049

Buffer overflow in the completeemulatedmmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancelworkitem data...

CVE-2012-6075

Buffer overflow in the e1000receive function in the e1000 device driver hw/e1000.c in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service guest OS crash and possibly execute arbitrary guest code via a large packet...

CVE-2012-6075

Buffer overflow in the e1000receive function in the e1000 device driver hw/e1000.c in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service guest OS crash and possibly execute arbitrary guest code via a large packet...

DEBIAN-CVE-2012-6075

Buffer overflow in the e1000receive function in the e1000 device driver hw/e1000.c in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service guest OS crash and possibly execute arbitrary guest code via a large packet...

Buffer overflow

Buffer overflow in the e1000receive function in the e1000 device driver hw/e1000.c in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service guest OS crash and possibly execute arbitrary guest code via a large packet...