4452 matches found
SUSE CVE-2020-23793
An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerability that can restart KVM virtual machine without any authorization. It is not yet known if there will be other effects...
CVE-2020-23793
A flaw was found in spice-server in Redhat's VDI product that can restart KVM virtual machine without any authorization. A handshake is required before spice-server and spice-client can establish communication, and spice-client will send a request containing information that the server needs. This...
PT-2025-54142
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.5.0-smp--fff2e47e6c3b-next 151 Description: The Linux kernel contains a flaw within the KVM component related to SEV-ES intrahost migration. A mistake in the code causes KVM to attempt to retrieve source vCPUs...
CVE-2020-23793
An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerability that can restart KVM virtual machine without any authorization. It is not yet known if there will be other effects...
spice Security Vulnerability
spice is an adaptive telepresence open source protocol used by enterprise virtualized desktop editions. The product is primarily used to connect users to their virtual desktops and is capable of delivering the exact same end-user experience as a physical desktop. A security vulnerability exists i...
PT-2023-11653 · Red Hat · Spice-Server
Name of the Vulnerable Software and Affected Versions: spice-server version 0.14.0-6.el7_6.1.x86_64 Description: A security issue was discovered in Redhat's VDI product, allowing a KVM virtual machine to be restarted without authorization. The full extent of the effects is not yet known...
Monti Ransomware’s New Linux Variant Enhanced Encryption
Summary: Monti ransomware, resembling Conti, resurfaces after a break, targeting legal and government sectors. A new Linux variant diverges significantly, using distinct tactics for encryption and virtual machine...
SUSE CVE-2023-4155
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...
CVE-2023-39363 Vyper incorrectly allocated named re-entrancy locks
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in...
Authentication Bypass
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine...
Huawei HarmonyOS Input Validation Error Vulnerability
Huawei HarmonyOS is an operating system from Huawei (China). It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an input validation class vulnerability in the audio module that can cause the device's...
UBUNTU-CVE-2023-3180
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ...
The vulnerability of the Hotspot component in the Java SE software platform and Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machines allows attackers to access confidential information.
The vulnerability of the Hotspot component in the Java SE software platform and Oracle GraalVM Enterprise Edition/Oracle GraalVM for JDK virtual machines is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to access confidential information...
CentOS 7 : open-vm-tools (RHSA-2023:3944)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3944 advisory. - A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the gues...
USN-6257-1: Open VM Tools vulnerability
It was discovered that Open VM Tools incorrectly handled certain authentication requests. A fully compromised ESXi host can force Open VM Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. (CVE-2023-20867)...
K000135621: VMware Tools vulnerability CVE-2023-20867
Security Advisory Description: A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. (CVE-2023-20867) Impact: There is no impact; F5 products are not affected by this...
PYSEC-2023-133
Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...