Lucene search
K

314 matches found

OSV
OSV
added 2023/04/20 2:37 p.m.4 views

GHSA-CH3R-J5X3-6Q2M vm2 Sandbox Escape vulnerability

There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException which can be used to escape the sandbox and run arbitrary code in host context. Impact A threat actor can bypass the sandbox...

9.8CVSS7.8AI score0.72087EPSS
Exploits5References7
Positive Technologies
Positive Technologies
added 2023/04/17 12:0 a.m.7 views

PT-2023-2417

Name of the Vulnerable Software and Affected Versions vm2 versions up to 3.9.16 Description The issue exists due to inadequate sanitization of special elements in the handleException function of the vm2 library, allowing a remote attacker to escape the sandbox and execute arbitrary code in the ho...

10CVSS7.8AI score0.72087EPSS
Exploits5References21
Debian CVE
Debian CVE
added 2023/04/15 12:0 a.m.31 views

CVE-2021-45464

Removed by vendor...

8.8CVSS8.7AI score0.00382EPSS
Exploits1
OSV
OSV
added 2023/04/12 8:42 p.m.6 views

GHSA-XJ72-WVFV-8985 vm2 Sandbox Escape vulnerability

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. Impact A threat...

9.8CVSS7.8AI score0.03852EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.5 views

PT-2023-9255 · Parallels · Parallels Desktop

Name of the Vulnerable Software and Affected Versions: Parallels Desktop affected versions not specified Description: The issue is related to a heap-based buffer overflow in the Toolgate component of Parallels Desktop, which can be exploited by local attackers to escalate privileges and execute...

8.2CVSS8AI score0.0025EPSS
Exploits0References9
Microsoft CVE
Microsoft CVE
added 2023/03/10 8:0 a.m.5 views

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU resulting in a denial of service condition or potentially execute code on the host with the privileges of the QEMU process.

...

7.5CVSS6.8AI score0.00522EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.4 views

SUSE CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands...

7.2CVSS7.9AI score0.0063EPSS
Exploits0References19
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.5 views

SUSE CVE-2015-5225

Buffer overflow in the vncrefreshserversurface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service heap memory corruption and process crash or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the serve...

7.2CVSS8.2AI score0.00533EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:4 a.m.5 views

SUSE CVE-2016-3710

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue...

8.8CVSS8.8AI score0.00916EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2023/02/15 4:59 a.m.4 views

SUSE CVE-2016-6351

The espdodma function in hw/scsi/esp.c in QEMU aka Quick Emulator, when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service out-of-bounds write and QEMU process crash or execute arbitrary code on the QEMU host via vectors involvi...

6.7CVSS8.8AI score0.00474EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:55 a.m.5 views

SUSE CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this fla...

9.9CVSS9.6AI score0.04448EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2023/02/15 4:52 a.m.4 views

SUSE CVE-2017-2620

Quick emulator QEMU before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrusbitbltcputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially...

9.9CVSS9.4AI score0.03559EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2023/02/15 4:45 a.m.4 views

SUSE CVE-2017-8903

Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213...

8.8CVSS9.5AI score0.0049EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:45 a.m.3 views

SUSE CVE-2017-8904

Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOPtransfer aka guest transfer operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214...

8.8CVSS9.5AI score0.00421EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:39 a.m.4 views

SUSE CVE-2017-14167

Integer overflow in the loadmultiboot function in hw/i386/multiboot.c in QEMU aka Quick Emulator allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write...

4CVSS7.9AI score0.00603EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:38 a.m.4 views

SUSE CVE-2017-15588

An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry...

8.1CVSS9.3AI score0.0033EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.3 views

SUSE CVE-2021-3713

An out-of-bounds write flaw was found in the UAS USB Attached SCSI device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevice-data3 and UASDevice-status3 fields. A malicious guest use...

7.8CVSS7.8AI score0.00566EPSS
Exploits0References21
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.2 views

SUSE CVE-2021-3748

A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to numbuffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting i...

6.7CVSS6.9AI score0.00522EPSS
Exploits0References21
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.4 views

SUSE CVE-2021-3929

A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvmectrlreset, data structs will be freed leading to a use-after-free issue. A malicious guest could...

8.2CVSS7.5AI score0.00643EPSS
Exploits2References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:46 a.m.5 views

SUSE CVE-2021-21261

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system a sandbox escape. This sandbox-escape bug is present in versio...

7.3CVSS7.9AI score0.0057EPSS
Exploits0References7
Rows per page
Query Builder