Lucene search
+L

171 matches found

OSV
OSV
added 2021/10/23 10:5 a.m.7 views

MGASA-2021-0486 Updated flatpak packages fix security vulnerability

Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process, by manipulating the VFS using recent mount-related...

8.8CVSS8.4AI score0.00406EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/10/12 9:39 a.m.4 views

kernel: powerpc: KVM guest OS users can cause host OS memory corruption

A flaw was found on the Linux kernel. On the PowerPC platform, the KVM guest allows the OS users to cause host OS memory corruption via rtasargs.nargs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8CVSS7.1AI score0.00575EPSS
Exploits1References5
Prion
Prion
added 2021/05/26 7:15 p.m.15 views

Command injection

In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data forms, cookies, HTTP headers etc. to a...

10CVSS9.8AI score0.02713EPSS
Exploits0References1
NVD
NVD
added 2021/01/15 7:15 p.m.14 views

CVE-2020-24639

There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...

10CVSS9.6AI score0.07241EPSS
Exploits0References1
Prion
Prion
added 2021/01/15 7:15 p.m.20 views

Input validation

There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...

10CVSS9.5AI score0.02912EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/01/15 6:33 p.m.21 views

CVE-2020-24639

There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system...

9.7AI score0.07241EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2020/12/03 12:0 a.m.56 views

CVE-2020-14339

A flaw was found in libvirt, where it leaked a file descriptor for /dev/mapper/control into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of...

8.8CVSS8.3AI score0.00416EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2020/10/20 12:0 a.m.6 views

VulnCheck KEV: CVE-2020-1040

Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system...

9CVSS7.9AI score0.06903EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/20 12:0 a.m.2 views

Microsoft Hyper-V RemoteFX vGPU Buffer Overflow Vulnerability

Microsoft Windows is a popular operating system. A buffer overflow vulnerability exists in Microsoft Hyper-V RemoteFX vGPU, which originates when a program fails to properly validate input from an authenticated user on a virtual machine operating system. An attacker could exploit the vulnerabilit...

9CVSS9.2AI score0.06903EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/20 12:0 a.m.2 views

Microsoft Windows Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. Windows Hyper-V is one of the virtualization products that supports...

9CVSS8.3AI score0.05466EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/20 12:0 a.m.4 views

Microsoft Hyper-V RemoteFX vGPU Buffer Overflow Vulnerability (CNVD-2020-45324)

Microsoft Windows is a popular operating system. A buffer overflow vulnerability exists in Microsoft Hyper-V RemoteFX vGPU that originates from a program's inability to properly validate authenticated user input on a virtual machine operating system. An attacker could exploit the vulnerability by...

9CVSS7.9AI score0.05466EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/16 12:0 a.m.4 views

Microsoft Windows Hyper-V Remote Code Execution Vulnerability (CNVD-2020-23433)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, U.S.A. Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. Windows Hyper-V is one of the virtualization products that supports...

8.4CVSS8.3AI score0.09043EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/05 12:0 a.m.4 views

Xen Input Validation Error Vulnerability

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. An input validation error vulnerability exis...

7.2CVSS9.3AI score0.00451EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/21 5:56 p.m.20 views

CVE-2019-16758

In Lexmark Services Monitor 2.27.4.0.39 running on TCP port 2070, a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system...

7.4AI score0.16765EPSS
Exploits4References4
Microsoft CVE
Microsoft CVE
added 2019/11/12 8:0 a.m.28 views

Windows Hyper-V Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...

8.4CVSS4.3AI score0.02748EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/08/22 12:0 a.m.8 views

The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the host operating system using a specially created application...

8.5CVSS6AI score0.03841EPSS
Exploits0References2
OSV
OSV
added 2019/08/14 9:15 p.m.2 views

CVE-2019-0720

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating syste...

8CVSS7.9AI score0.03841EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.34 views

Windows Hyper-V Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...

7.7CVSS4.3AI score0.01254EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/07/09 7:0 a.m.36 views

Docker Elevation of Privilege Vulnerability

Summary CVE-2018-15664 describes a vulnerability in the Docker runtime and the underlying community project, Moby wherein a malicious/compromised container can acquire full read/write access to the host operating system where that container is running. The vulnerability depends on the way that th...

7.5CVSS7.2AI score0.03398EPSS
Exploits2
OSV
OSV
added 2019/06/12 2:29 p.m.6 views

CVE-2019-0722

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could...

8.8CVSS8.3AI score0.04716EPSS
Exploits0References2
Rows per page
Query Builder