QEMU 安全漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU that stems from a flaw found in USB redirection device emulation in versions of QEMU prior to 6.1.0-rc2...

tsharkVM - Tshark + ELK Analytics Virtual Machine

This project builds virtual machine which can be used for analytics of tshark -T ek ndjson output. The virtual appliance is built using vagrant, which builds Debian 10 with pre-installed and pre-configured ELK stack. After the VM is up, the process is simple: decoded pcaps tshark -T ek output /...

Failed to add disks to the VM from XenCenter, error "you have reached the maximum number of virtual disks allowed for this virtual machine"

Adding more than 6 disks to VM from XenCenter throws error "You have reached the maximum number of virtual disks allowed for this virtual machine"...

PT-2021-15658 · Facebook · Folly +1

Name of the Vulnerable Software and Affected Versions: folly versions prior to v2021.07.22.00 HHVM versions prior to 4.80.5 HHVM versions 4.81.0 through 4.102.1 HHVM versions 4.103.0 through 4.113.0 HHVM versions 4.114.0 through 4.118.1 Description: Passing an attacker-controlled size when creati...

Facebook HHVM 输入验证错误漏洞

Facebook HHVM aka HipHop Virtual Machine is a virtual machine from Facebook that significantly improves the performance of PHP loading dynamic pages. Facebook HHVM is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to perform out-of-bounds writes on the heap,...

CVE-2021-2438

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM...

Oracle VM VirtualBox 输入验证错误漏洞

Oracle VM VirtualBox is a virtual machine management software from Oracle Corporation. An input validation error vulnerability exists in Oracle VM VirtualBox, which arises from a failure to properly validate input data...

Oracle Database Server 输入验证错误漏洞

Oracle Database Server is an object-a relational database management system that provides an open, comprehensive, and integrated approach to information management. A security vulnerability exists in the Java VM component of Oracle Database Server versions 12.1.0.2, 12.2.0.1, and 19c. An attacker...

Fedora: Security Advisory for libslirp (FEDORA-2021-71de23bedd)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

ACRN Code Issues Vulnerabilities

ACRN is an open source virtual machine monitor for the Internet of Things. A null pointer dereference vulnerability exists in vqendchains in hw/pci/virtio/virtio.c in ACRN versions prior to 2.5. No detailed vulnerability details are provided at this time...

[SECURITY] Fedora 33 Update: libslirp-4.3.1-5.fc33

A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services...

[SECURITY] Fedora 34 Update: libslirp-4.4.0-4.fc34

A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services...

Critical VMware Carbon Black Bug Allows Auth Bypass

VMware has fixed an uber-severe bug in its Carbon Black App Control AppC management server: A server whose job is to lock down critical systems and servers so they don’t get changed willy-nilly. AppC also ensures that organizations stay in continuous compliance with regulatory mandates. This is a...

VulnCheck KEV: CVE-2021-1498

Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user...

[SECURITY] Fedora 34 Update: xen-4.14.2-2.fc34

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

CentOS: Security Advisory for qemu-img (CESA-2021:2322)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host resulting in a denial of service or potential code execution with the privileges of the QEMU process.

...

SUSE: Security Advisory (SUSE-SU-2019:14052-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2024-11268 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.0 Description: The issue is related to the KVM: x86 component of the Linux kernel, where a bug existed since the tracepoint was added, but was recently exposed by a new check in tracing to detect exactly th...

Xen 信息泄露漏洞

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. An information disclosure vulnerability exis...