Lucene search
K

38 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001591)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001591 advisory. A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instructio...

7.8CVSS6.4AI score0.00698EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002799)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002799 advisory. A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instructio...

7.8CVSS6.4AI score0.00698EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.7 views

TencentOS Server 4: open-vm-tools (TSSA-2024:0041)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0041 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.5CVSS7AI score0.01193EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-18421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and...

7.5CVSS6.9AI score0.01679EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/08/05 7:0 a.m.7 views

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.

...

7.8CVSS8.4AI score0.0101EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2024/01/10 10:50 a.m.2 views

kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user...

7.8CVSS6.7AI score0.00282EPSS
Exploits0References4
OSV
OSV
added 2023/09/15 11:5 a.m.4 views

OESA-2023-1629 open-vm-tools security update

The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...

7.5CVSS6.8AI score0.13638EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/28 6:15 p.m.4 views

CVE-2023-21185

In multiple functions of WifiNetworkFactory.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android I...

7.8CVSS6.1AI score0.00088EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.3 views

SUSE CVE-2013-0228

The xeniret function in arch/x86/xen/xen-asm32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirtops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application...

6.2CVSS6.7AI score0.00394EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.6 views

SUSE CVE-2014-3969

Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors...

7.4CVSS6.8AI score0.00653EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.6 views

SUSE CVE-2018-19961

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes...

7.8CVSS7.1AI score0.00409EPSS
Exploits0References15
NCSC
NCSC
added 2022/06/10 12:0 a.m.2 views

Vulnerabilities fixed in Xen

Vulnerabilities have been fixed in the Xen hypervisor. The vulnerabilities allow a malicious person with access to a guest system to obtain elevated privileges on the host and can thereby compromise the system. Xen has released updates to fix the vulnerabilities. More information can be found on...

7.2CVSS7.6AI score0.00494EPSS
Exploits3
OSV
OSV
added 2021/03/09 6:15 p.m.1 views

DEBIAN-CVE-2021-20263

A flaw was found in the virtio-fs shared file system daemon virtiofsd of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could ...

3.3CVSS6.7AI score0.00377EPSS
Exploits0References1
OSV
OSV
added 2020/09/23 10:15 p.m.4 views

DEBIAN-CVE-2020-25599

An issue was discovered in Xen through 4.14.x. There are evtchnreset race conditions. Uses of EVTCHNOPreset potentially by a guest on itself or XENDOMCTLsoftreset by itself covered by XSA-77 can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses ...

7CVSS6.2AI score0.00286EPSS
Exploits0References1
OSV
OSV
added 2020/05/29 7:15 p.m.4 views

CVE-2020-1798

HUAWEI P30 smartphones with versions earlier than 10.1.0.135C00E135R2P11 have an improper authentication vulnerability. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the target phone, and then do a series of operations on the target phone. Successfu...

4.6CVSS5.8AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2019/12/11 6:16 p.m.1 views

DEBIAN-CVE-2019-19580

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type...

6.6CVSS6.8AI score0.01187EPSS
Exploits0References1
OSV
OSV
added 2019/10/31 2:15 p.m.4 views

ALPINE-CVE-2019-18421

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen...

7.5CVSS7.5AI score0.01679EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/10/31 12:0 a.m.12 views

PT-2019-4839 · Xen +1 · Xen +1

Name of the Vulnerable Software and Affected Versions: Xen versions 3.2 through 4.12.x Description: The issue is related to an error in the x86 PV emulation of the Xen hypervisor, specifically a missing check for the descriptor table limit. This could allow a remote attacker to access confidentia...

9.8CVSS7.3AI score0.16658EPSS
Exploits4References188
RedHat Linux
RedHat Linux
added 2019/08/07 7:56 p.m.3 views

kernel: kvm: guest userspace to guest kernel write

A flaw was found in the way Linux kernel KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilegeCPL level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside...

7.8CVSS7.1AI score0.0047EPSS
Exploits0References4
Veracode
Veracode
added 2019/05/02 6:29 a.m.28 views

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service DoS attacks. This occurs while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest...

8.4CVSS8.5AI score0.01828EPSS
Exploits5References15Affected Software1
Rows per page
Query Builder