vm2 Injection Vulnerability
vm2 is an advanced virtual machine/sandbox for Node.js by individual developer Patrik Simek in the Czech Republic, used to run untrusted code using whitelisted Node built-in modules. An injection vulnerability exists in versions prior to vm2 3.9.17, which stems from an exception cleanup presence...
OESA-2023-1212 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: Kernel: A denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (CVE-2023-28328). A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c ...
K000133409: Log4j vulnerability CVE-2023-26464
Security Advisory Description: UNSUPPORTED WHEN ASSIGNED. When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e., deeply nested) hashmap or hashtable, depending on which logging...
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace causing an information leak.
...
Xen Resource Management Error Vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen suffers from a security vulnerability th...
CVE-2022-43938
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (.prpt) through the JVM script manager...
CVE-2023-0197
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service...
Virtuozzo Hybrid Infrastructure 5.3 Update 1 Hotfix 2 (5.3.1-47)
This update provides stability fixes for the compute, object storage, and core storage services. Vulnerability id: VSTOR-65934 After an update from 5.2.x to 5.3.x, the object storage may not be started due to an invalid configuration file. Vulnerability id: VSTOR-63084 Unable to manage a virtual...
How to know when VM was created
Determine when a VM was created...
CP Plus KVMS Pro Security Vulnerability
CP Plus KVMS Pro is a virtual machine software from CP Plus. A security vulnerability exists in CP Plus KVMS Pro version V2.01.0.T.190521 and prior versions. An attacker exploited the vulnerability to cause sensitive credentials to be disclosed...
UBUNTU-CVE-2023-1513
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak...
Linux KVM Security Vulnerability
Linux KVM is a kernel-based virtual machine. A security vulnerability exists in Linux KVM that stems from the presence of an information leakage vulnerability...
Toolgate component path traversal vulnerability in Parallels Desktop for Mac products
Parallels Desktop is a virtual machine management software that runs on Mac computers and allows users to easily run Windows/Linux operating systems and applications under macOS. A malicious program in quarantine can escape through the virtual machine to execute arbitrary code in the host compute...
DEBIAN-CVE-2022-42334
x86/HVM pinned cache attributes mis-handling. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...
Xen Security Vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen, whic...
CVE-2023-26484
KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to...
Virtuozzo Hybrid Infrastructure 5.4 Hotfix 1 (5.4.0-138)
This update provides stability fixes for the compute and core storage services. Vulnerability id: VSTOR-63084 Unable to manage a virtual machine after a failed migration. Vulnerability id: VSTOR-63050, VSTOR-59007 In some cases, resetting a state may not work. Vulnerability id: VSTOR-63041 Fixes...
CVE-2023-26464
UNSUPPORTED WHEN ASSIGNED. When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e., deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed...
SUSE-SU-2023:0692-1 Security update for xen
This update for xen fixes the following issues: - CVE-2022-27672: Fixed speculative execution vulnerability due to RAS being dynamically partitioned between non-idle threads (bsc#1208286). Bugfixes: - Fixed launch-xenstore error (bsc#1205792) - Fixed issues in VMX (bsc#1027519)...
New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic
The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with the successful exploitation of susceptible Oracle WebLogic servers to...