Cambridge Xen 安全漏洞

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in XEN that...

kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run

A flaw was found in the Linux kernel. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability...

Exploit for CVE-2021-28476

CVE-2021-28476: a guest-to-host "Microsoft Hyper-V Remote Code...

Unspecified Vulnerability in KubeVirt

Kubevirt is a virtual machine manager. A security vulnerability exists in KubeVirt versions prior to 0.26.0, which can be exploited by an attacker to read the contents of any secret attached to its namespace...

Ghidra-Evm - Module For Reverse Engineering Smart Contracts

In the last few years, attacks on deployed smart contracts in the Ethereum blockchain have ended up in a significant amount of stolen funds due to programming mistakes. Since smart contracts, once compiled and deployed, are complex to modify and update different practitioners have suggested the...

spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map

A flaw was found in the SPICE file transfer protocol. File data from the host system can partially or fully end up in the client connection of an unauthorized local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highe...

spice-vdagent: memory DoS via arbitrary entries in active_xfers hash table

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. This flaw allows any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock to perform a memory denial of service for...

A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata in the KVM API is mapped to an array index which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.

...

Microsoft Azure Virtual Machine信息泄露漏洞（CVE-2021-27075）

CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data Written by Paul Litvak - 11 May 2021 In this post I will explain how the Microsoft Azure Virtual Machine VM extension works and how we found a fatal vulnerability in the extension mechanism affectin...

CVE-2021-29511

evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the evm crate can over-allocate memory when it is not needed, making it possible for an attacker to perform...

CVE-2021-29511

CVE-2021-29511 affects the Rust EVM implementation (evm crate). Before the patch in commit 19ade85, certain memory-opcodes using memory::copy_large could cause memory over-allocation, enabling a denial-of-service. Remediation: upgrade evm to >=0.26.1, or to specific newer releases (0.21.1, 0.2...

PT-2021-18262 · Evm · Evm

Name of the Vulnerable Software and Affected Versions: evm versions prior to 0.21.1 evm versions prior to 0.23.1 evm versions prior to 0.24.1 evm versions prior to 0.25.1 evm versions prior to 0.26.1 Description: The issue is related to the execution of specific EVM opcodes that use evm...

Hotfix XS82E020 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| Restart the XAPI Toolstack Content live patchable| No Baselines for Live Patch| N/A Revision History|...

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to modify, add, or delete data.

The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to modify, add, or delete data...

The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to modify, add, or delete data using the Oracle Net network protocol...

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

Exploit for Cross-Site Request Forgery (CSRF) in Anchorcms Anchor_Cms

CVE-2020-23342 Note: When pulling this...

Parallels Desktop IDE Out-of-Bounds Read Information Disclosure Vulnerability (CNVD-2021-34193)

Parallels Desktop is a virtual machine software that runs on Mac computers. An information disclosure vulnerability exists in the IDE virtual appliance in Parallels Desktop version 15.1.5-47309. The vulnerability stems from a lack of proper validation of user-supplied data. A local attacker could...

Parallels Desktop Out-of-Bounds Read Information Disclosure Vulnerability

Parallels Desktop is a virtual machine software that runs on Mac computers. A security vulnerability exists in Parallels Desktop 16.0.1-48919, which can be exploited by a local attacker to disclose sensitive information about an affected installation...

Parallels Desktop Elevation of Privilege Vulnerability

Parallels Desktop is a virtual machine software that runs on Mac computers. An elevation of privilege vulnerability exists in the e1000e virtual appliance in Parallels Desktop version 16.1.1-49141. The vulnerability stems from a lack of proper locking when performing operations on objects. An...