CVE-2020-3982

VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG, Workstation 15.x, Fusion 11.x before 11.5.6 contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative...

[SECURITY] Fedora 31 Update: kata-proxy-1.11.1-1.fc31.1

A proxy for the Kata Containers project The Kata Containers runtime creates a virtual machine VM to isolate a set of container workloads. The VM requires a guest kernel and a guest operating system "guest OS" to boot and create containers inside the guest environment. This package contains the...

CVE-2020-16995 Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability

...

Windows Hyper-V Denial of Service Vulnerability

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a...

Windows NAT Denial of Service Vulnerability

A denial of service vulnerability exists when Windows Network Address Translation NAT on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the...

PT-2020-4269 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A denial of service issue exists due to improper input validation in Windows Network Address Translation NAT when a privileged user on a guest operating system interacts with a host server...

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM Information Disclosure Vulnerability

Dell EMC OpenManage Integration is a driver for the virtualization management console from Dell USA Inc. It simplifies the tools and tasks associated with managing and deploying servers in a virtual environment. A log information disclosure vulnerability exists in Dell EMC OpenManage Integration...

NashaVM - A Virtual Machine For .NET Files And Its Runtime Was Made In C++/CLI

Nasha is a Virtual Machine for .NET files and its runtime was made in C++/CLI Installation git clone https://github.com/Mrakovic-ORG/NashaVM --recurse cd NashaVM\NashaVM nuget restore msbuild Limitations Slow Several instructions are not implemented Can bug Dependencies dnlib .NET Framework 4.0...

Buffer overflow

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copydata function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhostcrypto application. The highest threat from this...

CVE-2020-14377

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an...

CVE-2020-14375

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhostcrypto has validate...

DEBIAN-CVE-2020-14377

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an...

DEBIAN-CVE-2020-14375

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhostcrypto has validate...

CVE-2020-14377

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an...

Design/Logic Flaw

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an...

CVE-2020-14377

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an...

CVE-2020-14375

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhostcrypto has validate...

CloudForms: Cross Site Request Forgery in API notifications

This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash fi...

CVE-2020-14377

A flaw was found in dpdk. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant...

CVE-2020-14375

A flaw was found in dpdk. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhostcrypto has validated it. The highest threat from this vulnerabilit...