
4452 matches found

ThreatPost
added 2021/09/16 11:37 a.m., 47 views

Azure Zero-Day Bugs Show Lurking Supply-Chain Risk

Four Microsoft zero-day vulnerabilities in the Azure cloud platform’s Open Management Infrastructure (OMI) — a software that many don’t know is embedded in a host of services — show that OMI represents a significant security blind spot, researchers said. Collectively dubbed “OMIGOD” because of the...

9.8 CVSS, 9 AI score, 0.99723 EPSS
Exploits 20, References 12

NVD
added 2021/09/15 1:15 p.m., 34 views

CVE-2020-3960

VMware ESXi 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a...

8.4 CVSS, 0.00273 EPSS
Exploits 1, References 1

GithubExploit
added 2021/09/10 4:55 p.m., 286 views

Exploit for Path Traversal in Microsoft

CVE-2021-40444 PoC Malicious docx generator to exploit CVE-20...

8.8 CVSS, 7.9 AI score, 0.96843 EPSS
Exploits 38

OpenVAS
added 2021/09/09 12:0 a.m., 7 views

Fedora: Security Advisory for libguestfs (FEDORA-2021-38d1b07839)

The remote host is missing an update for the...

7.5 AI score
Exploits 0, References 2

OpenVAS
added 2021/09/09 12:0 a.m., 4 views

Fedora: Security Advisory for libguestfs (FEDORA-2021-4dd269a76c)

The remote host is missing an update for the...

7.5 AI score
Exploits 0, References 2

CNNVD
added 2021/09/08 12:0 a.m., 14 views

Xen Race Condition Vulnerability

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen where...

7.8 CVSS, 7.2 AI score, 0.00257 EPSS
Exploits 0, References 19

Fedora
added 2021/09/07 7:8 p.m., 40 views

[SECURITY] Fedora 35 Update: libguestfs-1.45.7-2.fc35

Libguestfs is a library for accessing and modifying virtual machine disk images. http://libguestfs.org Libguestfs uses Linux kernel and qemu code, and can access any type of guest filesystem that Linux and qemu can, including but not limited to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different...

7 AI score
Exploits 0

Fedora
added 2021/09/07 4:26 p.m., 11 views

[SECURITY] Fedora 33 Update: libguestfs-1.44.1-2.fc33

Libguestfs is a library for accessing and modifying virtual machine disk images. http://libguestfs.org It can be used to make batch configuration changes to guests, get disk used/free statistics (virt-df), perform backups and guest clones, change registry/UUID/hostname info, build guests from scrat...

6.8 AI score
Exploits 0

RedHat Linux
added 2021/09/07 10:0 a.m., 1 views

kernel: powerpc: KVM guest OS users can cause host OS memory corruption

A flaw was found in the Linux kernel. On the PowerPC platform, the KVM guest allows the OS users to cause host OS memory corruption via rtas_args.nargs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8 CVSS, 7.1 AI score, 0.00575 EPSS
Exploits 1, References 5

OpenVAS
added 2021/09/05 12:0 a.m., 7 views

Fedora: Security Advisory for libguestfs (FEDORA-2021-c0235d9d79)

The remote host is missing an update for the...

7.5 AI score
Exploits 0, References 2

Fedora
added 2021/09/04 7:32 p.m., 62 views

[SECURITY] Fedora 34 Update: libguestfs-1.45.7-2.fc34

Libguestfs is a library for accessing and modifying virtual machine disk images. http://libguestfs.org Libguestfs uses Linux kernel and qemu code, and can access any type of guest filesystem that Linux and qemu can, including but not limited to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different...

7 AI score
Exploits 0

RedHat Linux
added 2021/08/31 9:18 a.m., 3 views

kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks

A flaw was found in the Linux kernel’s KVM implementation, where improper handling of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of...

8.7 CVSS, 7 AI score, 0.0066 EPSS
Exploits 1, References 5

vulnersOsv
added 2021/08/25 8:55 p.m., 1 views

evm (>=0.13.0 <=0.20.0), evm-gasometer (>=0.13.0 <=0.20.0) +2 more potentially affected by unknown CVE via evm-core (>=0.13.1 <=0.20.0)

evm-core CARGO version =0.13.1, =0.13.0, =0.13.0, =0.13.0, =2.0.0, =2.0.1 Source cves: unknown CVE Source advisory: OSV:GHSA-773Q-5334-5GF9...

5.8 AI score
Exploits 0

CNNVD
added 2021/08/25 12:0 a.m., 14 views

Corel Parallels Desktop Security Vulnerability

Corel Parallels Desktop is a suite of virtual machine software for the macOS platform from Canada's Corel Digital Technology (Corel). A security vulnerability exists in Corel Parallels Desktop that stems from a lack of proper access control. An attacker can exploit the vulnerability to escalate...

8.8 CVSS, 8.4 AI score, 0.00229 EPSS
Exploits 0, References 3

CNNVD
added 2021/08/25 12:0 a.m., 4 views

Xen Security Vulnerability

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. effect is a software package for adding...

5.5 CVSS, 5.7 AI score, 0.00348 EPSS
Exploits 0, References 18

RedHat Linux
added 2021/08/19 3:51 p.m., 3 views

kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks

A flaw was found in the Linux kernel’s KVM implementation, where improper handling of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of...

8.7 CVSS, 7 AI score, 0.0066 EPSS
Exploits 1, References 5

OSV
added 2021/08/16 12:0 p.m., 4 views

UBUNTU-CVE-2021-3656

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious...

8.8 CVSS, 6.8 AI score, 0.00658 EPSS
Exploits 0, References 11

CNNVD
added 2021/08/16 12:0 a.m., 3 views

KVM Permissions, Privileges and Access Control Vulnerability

KVM is a kernel-based virtual machine. A privilege-granting and access-control issue vulnerability exists in KVM's AMD code, which stems from incorrect validation of "int_ctl" when processing VMCBs (Virtual Machine Control Blocks) supplied by L1 guests to spawn/process nested guests (L2)...

8.8 CVSS, 6.7 AI score, 0.00413 EPSS
Exploits 1, References 63

Rockylinux
added 2021/08/10 11:55 a.m., 10 views

virt-what bug fix and enhancement update

An update is available for virt-what. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The virt-what utility is used to detect whether the operating system is...

1 AI score
Exploits 0

VulnCheck KEV
added 2021/08/06 12:0 a.m., 5 views

VulnCheck KEV: CVE-2021-1497

Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user...

10 CVSS, 7.5 AI score, 0.99928 EPSS
Exploits 5, References 1