Xen 安全漏洞

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen Xenstore suffers from a security...

GLSA-202210-27 : open-vm-tools: Local Privilege Escalation

The remote host is affected by the vulnerability described in GLSA-202210-27 open-vm-tools: Local Privilege Escalation - VMware Tools 12.0.0, 11.x.y and 10.x.y contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate...

Vagrant Synced Folder Vagrantfile Breakout Exploit

This Metasploit module exploits a default Vagrant synced folder shared folder to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable vagrant...

CVE-2022-39354

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

Design/Logic Flaw

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

[SECURITY] Fedora 36 Update: qemu-6.2.0-16.fc36

qemu is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu acts as a virtual machine monitor together with the KVM kernel modules, and emulates the hardware for a full system such as a PC and its associated peripherals...

RUSTSEC-2022-0083 evm incorrect state transition

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

evm incorrect state transition

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

kernel: x86/speculation: Fill RSB on vmexit for IBRS

In the Linux kernel, the following vulnerability has been resolved: x86/speculation: Fill RSB on vmexit for IBRS Prevent RSB underflow/poisoning attacks with RSB. While at it, add a bunch of comments to attempt to document the current state of tribal knowledge about RSB attacks and what exactly i...

kernel: KVM: VMX: Prevent RSB underflow before vmenter

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPECCTRL value is written, and the vmenter. Balanced returns matched by a preceding call are usually ok, but it's...

rhel and virt-devel:rhel bug fix update

An update is available for libguestfs, libnbd, libtpms, libguestfs-winsupport, nbdkit, supermin, libiscsi, hivex, libvirt, netcf, perl-Sys-Virt, seabios, qemu-kvm, swtpm, virt-v2v, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS...

CVE-2022-39354 evm has incorrect is_static parameter for custom stateful precompiles

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

CVE-2022-39354 evm has incorrect is_static parameter for custom stateful precompiles

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

CVE-2022-39354 evm has incorrect is_static parameter for custom stateful precompiles

SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...

CVE-2022-39354

SputnikVM (evm) has a vulnerability where the is_static parameter in custom stateful precompiles could be incorrect prior to v0.36.0, incorrectly setting static context only for direct STATICCALL calls. This could lead to incorrect state transitions for affected precompiles. The patch is included...

SputnikVM 安全漏洞

SputnikVM is a Rust-based ethereum virtual machine implementation by rust-blockchain individual developers. A security vulnerability exists in SputnikVM versions prior to 0.36.0 that stems from passing the isstatic parameter is incorrect, an issue that could lead to incorrect state transitions...

MGASA-2022-0380 Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.74 and fixes at least the following security issues: A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root host user-level application to crash the host kernel by creating a confidential guest V...

Linux kernel 安全漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a security flaw that affects the function vsockconnect in the component IPsec's file net/vmwvsock/afvsock.c. This operation results in a memory leak. No detailed...

Oracle Database Server Information Disclosure Vulnerability (CNVD-2022-87654)

Oracle Database Server is a relational database management system from Oracle Corporation. The Java VM is a Java Virtual Machine component of the database management system, and an information disclosure vulnerability exists in the Java VM component of Oracle Database Server. An attacker could...

CVE-2022-43404

A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b0b0aa451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandb...