4438 matches found

NVD
added 2024/12/23 11:15 a.m., 10 views

CVE-2024-12902

ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine using the default...

8.4 CVSS, 0.00166 EPSS
Exploits: 0, References: 2

Cvelist
added 2024/12/23 10:16 a.m., 15 views

CVE-2024-12902 Global Wisdom Software ANCHOR - Undocumented Privileged Account

ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine using the default...

8.4 CVSS, 0.00166 EPSS
Exploits: 0, References: 2

CVE
added 2024/12/23 10:16 a.m., 53 views

CVE-2024-12902

The CVE covers Global Wisdom Software ANCHOR running on a Windows VM, where default passwords on high-privilege Windows service accounts could let an attacker remotely log in to the VM. Public documents confirm the vulnerability vector as remote access via default credentials, driven by OS-level ...

8.4 CVSS, 8.3 AI score, 0.00166 EPSS
Exploits: 0, References: 2

SUSE CVE
added 2024/12/20 4:18 a.m., 2 views

SUSE CVE-2024-11614

An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using...

7.4 CVSS, 6.8 AI score, 0.00551 EPSS
Exploits: 0, References: 9

RedHat Linux
added 2024/12/19 12:58 a.m., 2 views

kernel: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory. Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforce 32-byte alignment of...

7.1 CVSS, 6.7 AI score, 0.00243 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2024/12/18 12:40 a.m., 2 views

kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver()

A vulnerability was found in the event_deliver() function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the event_data.event index controlled by user-space, which could lead to speculative information leaks...

7.1 CVSS, 7.2 AI score, 0.00298 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2024/12/16 2:38 a.m., 16 views

Important: Red Hat Security Advisory: python-virtualenv security update

An update for python-virtualenv is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

8.4 CVSS, 7.2 AI score, 0.01557 EPSS
Exploits: 1, References: 2

Virtuozzo
added 2024/12/12 12:0 a.m., 15 views

Virtuozzo Hybrid Server 7.5 Update 7 Hotfix 1 (7.5.7-151)

The Hotfix 1 for Virtuozzo Hybrid Server 7.5 Update 7 provides new features, as well as stability and usability bug fixes. Vulnerability id: PSBM-159866 Fixed an issue with the 'c2v-convert' tool failing while creating a filesystem for a virtual machine's disk. Vulnerability id: PSBM-159824 The...

7.3 AI score
Exploits: 0

OSV
added 2024/12/06 3:25 p.m., 7 views

OESA-2024-2522 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked When requesting an NMI window, WARN on vNMI support being enabled if and only if NMIs are actual...

7.8 CVSS, 6.2 AI score, 0.00352 EPSS
Exploits: 1, References: 67

OSV
added 2024/12/06 2:15 a.m., 4 views

CVE-2024-11149

In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel VMX CPUs...

5.5 CVSS, 5.8 AI score, 0.00131 EPSS
Exploits: 0, References: 1

OSV
added 2024/12/05 1:15 p.m., 3 views

CVE-2024-51544

Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

8.2 CVSS, 5.8 AI score
Exploits: 0, References: 1

Redos
added 2024/12/03 12:0 a.m., 239 views

ROS-20241203-04

A vulnerability in the Kubernetes virtual machine cluster management software tool is related to incorrect restriction of a path name to a restricted directory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code outside of the container...

8.1 CVSS, 7.7 AI score, 0.03001 EPSS
Exploits: 0

Positive Technologies
added 2024/12/02 12:0 a.m., 4 views

PT-2025-23571 · Qualcomm · Snapdragon

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Memory corruption may occur while attaching a virtual machine (VM) when the Host Operating System (HLOS) retains access to the VM. Recommendations: At the moment, there is no information about a...

7.8 CVSS, 6.3 AI score, 0.00073 EPSS
Exploits: 0, References: 7

RedHat Linux
added 2024/11/26 6:52 a.m., 0 views

podman: podman machine spawns gvproxy with port bound to all IPs

A flaw was found in podman. The podman machine function (used to create and manage a Podman virtual machine containing a Podman process) spawns a gvproxy process on the host system. The gvproxy API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall...

6.5 CVSS, 7.1 AI score, 0.01057 EPSS
Exploits: 1, References: 4

RedHat Linux
added 2024/11/25 12:12 a.m., 2 views

OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5 CVSS, 7 AI score, 0.17342 EPSS
Exploits: 2, References: 4

OSV
added 2024/11/21 7:15 p.m., 3 views

AZL-54620 CVE-2024-53089 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Mark hrtimer to expire in hard interrupt context Like commit 2c0d278f3293f "KVM: LAPIC: Mark hrtimer to expire in hard interrupt context" and commit 9090825fa9974 "KVM: arm/arm64: Let the timer expire in hardirq...

5.5 CVSS, 6.8 AI score, 0.00191 EPSS
Exploits: 0, References: 1

OSV
added 2024/11/21 7:15 p.m., 3 views

AZL-54611 CVE-2024-53089 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Mark hrtimer to expire in hard interrupt context Like commit 2c0d278f3293f "KVM: LAPIC: Mark hrtimer to expire in hard interrupt context" and commit 9090825fa9974 "KVM: arm/arm64: Let the timer expire in hardirq...

5.5 CVSS, 6.8 AI score, 0.00191 EPSS
Exploits: 0, References: 1

BDU FSTEC
added 2024/11/21 12:0 a.m., 4 views

The vulnerability of the VMCI component in the Linux operating system's kernel allows a hacker to trigger a service failure.

The vulnerability of the VMCI component in the Linux operating system's kernel is related to errors in resource management within the dg_dispatch_as_host() function. Exploiting this vulnerability can allow an attacker to trigger a service failure...

5.5 CVSS, 6.5 AI score, 0.00232 EPSS
Exploits: 0, References: 45, Affected Software: 7

OSV
added 2024/11/14 12:15 p.m., 0 views

UBUNTU-CVE-2024-3447

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s->data_count and the size of s->fifo_buffer are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a...

6 CVSS, 7.1 AI score, 0.00552 EPSS
Exploits: 1, References: 6

RedHat Linux
added 2024/11/12 9:11 a.m., 3 views

kernel: vmci: prevent speculation leaks by sanitizing event in event_deliver()

A vulnerability was found in the event_deliver() function in the Linux kernel's VMCI component, where the issue involves a lack of sanitization for the event_data.event index controlled by user-space, which could lead to speculative information leaks...

7.1 CVSS, 7.2 AI score, 0.00298 EPSS
Exploits: 0, References: 5