Windows Gather Virtual Environment Detection

This module attempts to determine whether the system is running inside of a virtual environment and if so, which one. This module supports detection of Hyper-V, VMWare, VirtualBox, Xen, QEMU, and Parallels. This module requires Metasploit: https://metasploit.com/download Current source:...

[SECURITY] Fedora 39 Update: open-vm-tools-12.3.0-1.fc39

The open-vm-tools project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and...

Virtuozzo Hybrid Server 7.5 Update 5 Hotfix 1 (7.5.5-266)

The Hotfix 1 for Virtuozzo Hybrid Server 7.5 Update 5 provides stability and usability bug fixes. Vulnerability id: PSBM-150085 After upgrading from Virtuozzo Hybrid Server 7.5 Update 4 to Virtuozzo Hybrid Server 7.5 Update 5, a new 'dkms-ice' module installation could cause a loss of network...

Virtuozzo Hybrid Infrastructure 5.4 Update 4 (5.4.4-112)

This update delivers a new feature for the compute service, performance optimization for the object storage, as well as stability, security, and performance improvements. Vulnerability id: VSTOR-74916 VMs with Windows Server 2019, Windows Server 2022, and Windows 10 fail to boot after installatio...

DEBIAN-CVE-2023-4155

A flaw was found in KVM AMD Secure Encrypted Virtualization SEV in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...

SUSE SLES15: libvmtools-devel / libvmtools0 / open-vm-tools / etc (SUSE-SU-2023:2604-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2604-2 advisory. - CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module bsc1212143. Bug fixes: - Fixed build problem with grpc 1.54...

Debian DSA-5493-1 : open-vm-tools - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5493 advisory. - A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the...

abi.encode() function does not support dynamic arrays in Solidity version 0.8.16 or earlier.

Lines of code Vulnerability details Description The bug is in the burnAndCallAxelar function. The function uses the abi.encode function to encode the payload to send to the AxelarGateway contract. However, the abi.encode function was changed in Solidity version 0.8.17 to remove the support for...

CVE-2023-41051

In a typical Virtual Machine Monitor VMM there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memor...

CVE-2023-41051

In a typical Virtual Machine Monitor VMM there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memor...

Design/Logic Flaw

In a typical Virtual Machine Monitor VMM there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memor...

CVE-2023-41051

CVE-2023-41051 concerns the vm-memory crate used in VMMs. A flaw in the default implementations of VolatileMemory::get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, and get_array_ref allows out-of-bounds access if VolatileMemory::get_slice returns a VolatileSlice whose length is less than ...

CVE-2023-41051 Default functions in VolatileMemory trait lack bounds checks in vm-memory

In a typical Virtual Machine Monitor VMM there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memor...

CVE-2023-20900

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...

Design/Logic Flaw

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...

CVE-2023-20900

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...

CVE-2023-20900

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a...

CLSA-2023-1693426883 kernel: Fix of 20 CVEs

netfilter: nftsetpipapo: fix improper element removal CVE-2023-4004 - net: tun: fix bugs for oversize packet when napi frags enabled CVE-2023-3812 - net/sched: clsfw: Fix improper refcount update leads to use-after-free CVE-2023-3776 - net/sched: schqfq: account for stab overhead in qfqenqueue...

Exploit for Cleartext Transmission of Sensitive Information in Keepass

keepass-dump-masterkey Usage python3 poc.py Previe...

Fedora: Security Advisory for qemu (FEDORA-2023-68df3f4b02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...