Microsoft Windows Hyper-V 安全漏洞

Microsoft Hyper-V is an application from Microsoft USA. A system hypervisor virtualization technology that enables desktop virtualization. A security vulnerability exists in Microsoft Windows Hyper-V. The following products and editions are affected:Windows 11 Version 23H2 for ARM64-based...

PT-2024-3771 · Vmware · Vmware Workstation +1

Name of the Vulnerable Software and Affected Versions: VMware Workstation and Fusion affected versions not specified Description: The issue is related to an information disclosure vulnerability in the vbluetooth device of VMware Workstation and Fusion. A malicious actor with local administrative...

The vulnerability of Xenstore information storage in Xen hypervisors allows a attacker to cause a service failure.

The vulnerability of Xenstore information storage system in Xen hypervisors is related to the unlimited distribution of resources. Exploiting this vulnerability can allow attackers to cause service failures...

The vulnerability of Xenstore information storage in Xen hypervisors allows a attacker to cause a service failure.

The vulnerability of Xenstore information storage in the Xen hypervisor relates to an uncontrolled recursion. Exploiting this vulnerability could allow an attacker to cause a service failure...

Citrix Hypervisor Security Update for CVE-2024-31497

Description of Problem Versions of XenCenter for Citrix Hypervisor 8.2 CU1 LTSR included a 3rd-party component, PuTTY, that is used to enable SSH connections from XenCenter to guest VMs when the “Open SSH Console” button is selected. The inclusion of PuTTY with XenCenter for Citrix Hypervisor 8.2...

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

CVE-2023-33119 Time-of-check Time-of-use (TOCTOU) Race Condition in Hypervisor

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache...

CVE-2023-33119 Time-of-check Time-of-use (TOCTOU) Race Condition in Hypervisor

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache...

CVE-2023-50227

Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest syste...

CVE-2023-50227

Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest syste...

CVE-2023-27328

Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system i...

CVE-2023-27328

Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system i...

CVE-2023-50227 Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability

Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest syste...

CVE-2023-50227 Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability

Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest syste...

CVE-2023-50227

CVE-2023-50227 describes a vulnerability in Parallels Desktop affecting the virtio-gpu virtual device. The issue is an out-of-bounds write caused by improper validation of user-supplied data, enabling a remote attacker to execute code in the hypervisor. Exploitation requires user interaction (the...

CVE-2023-27328

Parallels Desktop Toolgate XML Injection Local Privilege Escalation: Affected component is Toolgate within Parallels Desktop. Root cause is improper validation of a user-supplied string used to construct an XML document, enabling a local attacker to escalate privileges and execute arbitrary code ...

CVE-2023-27328 Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability

Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system i...

Corel Parallels Desktop 安全漏洞

Corel Parallels Desktop is a suite of virtual machine software for the macOS platform from Canada's Corel Digital Technology Corel. A security vulnerability exists in Corel Parallels Desktop that stems from a specific flaw in the virtio-gpu virtual appliance that lacks proper validation of...

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...