RLSA-2023:3948 Low: open-vm-tools security update

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fixes: open-vm-tools: authentication bypass vulnerability in the...

RLSA-2023:3949 Low: open-vm-tools security update

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fixes: open-vm-tools: authentication bypass vulnerability in the...

Rocky Linux 9 : open-vm-tools (RLSA-2023:3948)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:3948 advisory. - A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest...

Rocky Linux 8 : open-vm-tools (RLSA-2023:3949)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:3949 advisory. - A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest...

UBUNTU-CVE-2023-36808

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native...

CVE-2023-36808 GLPI vulnerable to SQL injection through Computer Virtual Machine information

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native...

CVE-2023-36808 GLPI vulnerable to SQL injection through Computer Virtual Machine information

GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue. As a workaround, one may disable native...

SUSE CVE-2023-22387

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption...

UBUNTU-CVE-2023-35001

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nftbyteorder poorly handled vm register contents when CAPNETADMIN is in any user or network namespace...

GLPI vulnerable to SQL injection through Computer Virtual Machine information

[email protected] reports: GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.8, Computer Virtual Machine form and GLPI inventory request can be used to perform a SQL injection attack. Version 10.0.8 has a patch for this issue...

Memory corruption

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption...

PT-2023-18479 · Qualcomm · Sd205 Firmware +248

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue involves arbitrary memory overwrite when a virtual machine gets compromised during a transaction write, leading to memory corruption. Recommendations: At the moment, there is ...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipsets from Qualcomm, an American company. The Qualcomm Chipsets suffer from a security vulnerability that stems from an arbitrary memory overwrite issue that can lead to memory corruption when VM writes in TX are compromised...

SUSE CVE-2023-3354

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...

Low: Red Hat Security Advisory: open-vm-tools security update

An update for open-vm-tools is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Low: Red Hat Security Advisory: open-vm-tools security and bug fix update

An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Low: Red Hat Security Advisory: open-vm-tools security update

An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

ALSA-2023:3949 Low: open-vm-tools security update

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fixes: open-vm-tools: authentication bypass vulnerability in the...

Low: open-vm-tools security update

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fixes: open-vm-tools: authentication bypass vulnerability in the...

PT-2023-4596

Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up...