171 matches found
MGASA-2021-0486 Updated flatpak packages fix security vulnerability
Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related...
kernel: powerpc: KVM guest OS users can cause host OS memory corruption
A flaw was found on the Linux kernel. On the PowerPC platform, the KVM guest allows the OS users to cause host OS memory corruption via rtasargs.nargs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Command injection
In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data forms, cookies, HTTP headers etc. to a...
CVE-2020-24639
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...
Input validation
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...
CVE-2020-24639
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...
CVE-2020-14339
A flaw was found in libvirt, where it leaked a file descriptor for /dev/mapper/control into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of...
VulnCheck KEV: CVE-2020-1040
Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system...
Microsoft Hyper-V RemoteFX vGPU Buffer Overflow Vulnerability
Microsoft Windows is a popular operating system. A buffer overflow vulnerability exists in Microsoft Hyper-V RemoteFX vGPU, which originates when a program fails to properly validate input from an authenticated user on a virtual machine operating system. An attacker could exploit the vulnerabilit...
Microsoft Windows Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. Windows Hyper-V is one of the virtualization products that supports...
Microsoft Hyper-V RemoteFX vGPU Buffer Overflow Vulnerability (CNVD-2020-45324)
Microsoft Windows is a popular operating system. A buffer overflow vulnerability exists in Microsoft Hyper-V RemoteFX vGPU that originates from a program's inability to properly validate authenticated user input on a virtual machine operating system. An attacker could exploit the vulnerability by...
Microsoft Windows Hyper-V Remote Code Execution Vulnerability (CNVD-2020-23433)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. Windows Hyper-V is one of the virtualization products that supports...
Xen Input Validation Error Vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. An input validation error vulnerability exis...
CVE-2019-16758
In Lexmark Services Monitor 2.27.4.0.39 running on TCP port 2070, a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system...
Windows Hyper-V Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...
The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the host operating system using a specially created application...
CVE-2019-0720
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating syste...
Windows Hyper-V Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...
Docker Elevation of Privilege Vulnerability
Summary CVE-2018-15664 describes a vulnerability in the Docker runtime and the underlying community project, Moby wherein a malicious/compromised container can acquire full read/write access to the host operating system where that container is running. The vulnerability depends on the way that th...
CVE-2019-0722
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...