
4452 matches found

OSV
added 2022/02/16 5:15 p.m. · 3 views

CVE-2021-22042

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only may be able to access the settingsd service running as a high-privileged user...

7.8 CVSS · 7.1 AI score · 0.00291 EPSS
Exploits 0 · References 1
Prion
added 2022/02/16 5:15 p.m. · 21 views

Double free

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

4.6 CVSS · 6.8 AI score · 0.00552 EPSS
Exploits 0 · References 1 · Affected Software 4
Prion
added 2022/02/16 5:15 p.m. · 16 views

Double free

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

4.6 CVSS · 6.8 AI score · 0.00698 EPSS
Exploits 0 · References 1 · Affected Software 5
Cvelist
added 2022/02/16 4:37 p.m. · 19 views

CVE-2021-22041

VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host...

7 AI score · 0.00552 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/02/14 12:0 a.m. · 6 views

PT-2022-7617 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fix. Description: The issue is related to a memory leak in the IOMMU page table, which can be observed when launching a VM with pass-through devices. This is due to the current logic updating the I/O page table...

9.8 CVSS · 6.5 AI score · 0.06902 EPSS
Exploits 27 · References 1807
OSV
added 2022/02/12 12:0 a.m. · 4 views

GHSA-6PW2-5HJV-9PF7 Sandbox bypass in vm2

The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stack trace, which can lead to execution of arbitrary code on the host machine...

9.8 CVSS · 7.6 AI score · 0.02695 EPSS
Exploits 1 · References 4
Tenable Nessus
added 2022/02/08 12:0 a.m. · 24 views

VMware Fusion 12.x < 12.2.0 Heap Overflow RCE (VMSA-2022-0001)

VMware Fusion contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. Not...

7.8 CVSS · 7.5 AI score · 0.04681 EPSS
Exploits 0 · References 2
Virtuozzo
added 2022/02/07 12:0 a.m. · 23 views

Virtuozzo Hybrid Infrastructure 5.0 (5.0.0-137)

In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance service providers' interoperability and help expand their services. The improvements cover compute services, object storage, security, and monitoring. Additionally, this release delivers stability...

0.9 AI score
Exploits 0
Prion
added 2022/01/28 8:15 p.m. · 17 views

Denial of service

VMware Workstation 16.x prior to 16.2.2 and Horizon Client for Windows 5.x prior to 5.5.3 contain a denial-of-service vulnerability in the Cortado ThinPrint component. The issue exists in the TrueType font parser. A malicious actor with access to a virtual machine or remote desktop may exploit this...

2.1 CVSS · 6.5 AI score · 0.00365 EPSS
Exploits 0 · References 1 · Affected Software 2
CNNVD
added 2022/01/27 12:0 a.m. · 3 views

Solana Rbpf Input Validation Error Vulnerability

Solana Rbpf is a Rust virtual machine and JIT compiler for eBPF programs from the Solana Foundation in Switzerland. An input validation error vulnerability exists in Solana Rbpf versions 0.2.14 through 0.2.16, which stems from an integer overflow error in the call to the relocate function in...

7.5 CVSS · 7.3 AI score · 0.01872 EPSS
Exploits 1 · References 5
Positive Technologies
added 2022/01/26 12:0 a.m. · 3 views

PT-2024-6125 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The issue is related to a memory leak in the KVM subsystem of the Linux kernel. The memory leak occurs due to the incorrect freeing of the kvm cpuid entry2 array. This can be exploited...

5.3 CVSS · 5.2 AI score · 0.00179 EPSS
Exploits 0 · References 18
ATTACKERKB
added 2022/01/25 2:15 p.m. · 8 views

CVE-2022-23035

Insufficient cleanup of passed-through device IRQs. The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation, in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time...

4.7 CVSS · 5.8 AI score · 0.00352 EPSS
Exploits 0 · References 7
CNVD
added 2022/01/25 12:0 a.m. · 13 views

mruby Denial of Service Vulnerability (CNVD-2022-08157)

mruby is a lightweight implementation of the Ruby language that runs Ruby code in interpreted mode and executes it in a virtual machine. A denial of service vulnerability exists in mruby prior to version 3.2, which stems from a null pointer dereference in mruby that can be exploited by an...

5.5 CVSS · 5.4 AI score · 0.0081 EPSS
Exploits 1 · References 1
CNNVD
added 2022/01/25 12:0 a.m. · 5 views

Xen Security Vulnerability

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. There is a security vulnerability in xen tha...

7.8 CVSS · 7.4 AI score · 0.0034 EPSS
Exploits 0 · References 10
CNNVD
added 2022/01/21 12:0 a.m. · 4 views

Linux Kernel Security Vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux, of which KVM is a kernel-based virtual machine. Linux kernel suffers from a denial-of-service vulnerability, which stems from the possibility that the KVM subsystem may mishandle a memory error that...

4.9 CVSS · 8.1 AI score · 0.00393 EPSS
Exploits 3 · References 4
OSV
added 2022/01/19 12:15 p.m. · 4 views

CVE-2022-21393

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM...

4.3 CVSS · 5.8 AI score · 0.00804 EPSS
Exploits 0 · References 1
CNNVD
added 2022/01/18 12:0 a.m. · 4 views

Oracle Database Server Input Validation Error Vulnerability

Oracle Database Server is a relational database management system from Oracle Corporation. The database management system provides data management, distributed processing, and other functions. An input validation error vulnerability exists in Oracle Database Server, which stems from an input...

4.3 CVSS · 5.6 AI score · 0.00804 EPSS
Exploits 0 · References 4
Microsoft KB
added 2022/01/17 12:0 a.m. · 4 views

KB5010794: Out-of-band update for Windows 8.1 and Windows Server 2012 R2: January 17, 2022

Summary: This update resolves the following issues: Virtual machines (VMs) located on a server that has Unified Extensible Firmware Interface (UEFI) enabled fail to start after installing the January 11, 2022...

6.9 AI score
Exploits 0
OpenVAS
added 2022/01/12 12:0 a.m. · 40 views

Microsoft Windows Multiple Vulnerabilities (KB5009610)

This host is missing a critical security update according to Microsoft KB5009610...

9.3 CVSS · 7.2 AI score · 0.06793 EPSS
Exploits 2 · References 3
OpenVAS
added 2022/01/12 12:0 a.m. · 30 views

Microsoft Windows Multiple Vulnerabilities (KB5009546)

This host is missing a critical security update according to Microsoft KB5009546...

10 CVSS · 7.6 AI score · 0.25019 EPSS
Exploits 3 · References 3