CVE-2025-71121

In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations. When trying to reprogram the affinity it will crash with a HPMC as the relevant registers...

XenServer Security Update for CVE-2024-36350 and CVE-2024-36357

Severity: Medium Description of Problem AMD has disclosed several security issues affecting AMD CPUs. These CPU hardware issues may allow code in a guest VM to infer some active memory content of another VM that is running on the same host. Although these are not vulnerabilities in the XenServer...

Hotfix XS82ECU1078 - For Citrix Hypervisor 8.2 Cumulative Update 1

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1. All customers who are affected by the issues described inCTX692065 - XenServer and Citrix Hypervisor Security Update for CVE-2024-45818should install this hotfix. Note: This hotfix is...

CVE-2024-35875 x86/coco: Require seeding RNG with RDRAND on CoCo systems

In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted a...

K97035296: Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127

Security Advisory Description Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2018-12127 Impact MDS...

Citrix Hypervisor Security Update

A security issue has been identified in Citrix Hypervisor 7.1 LTSR CU2 that may allow privileged code in a PV guest VM to compromise the host. Citrix believes that there would be significant complexity in performing this attack in Citrix Hypervisor. The issue has the following CVE identifier:...

Citrix Hypervisor Security Update

Several security issues have been identified that affect Citrix Hypervisor: Two issues, each of which may each allow privileged code in a guest VM to cause the host to crash or become unresponsive. These two issues only affect systems where the malicious guest VM has a physical PCI device passed...

Citrix Hypervisor Security Updates

Description of Problem Modern CPUs contain random number generators that provide entropy randomness to the software running on those processors to use for purposes such as generating cryptographic encryption keys. Software can obtain entropy by using the RDRAND and RDSEED instructions. A security...

Citrix Hypervisor Security Update

Description of Problem A security issue has been identified in certain CPU hardware that may allow unprivileged code running on a CPU core to infer the value of memory data belonging to other processes, virtual machines or the hypervisor that are, or have recently been, running on the same CPU...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC S7-400 incl. F CPU hardware version 4.0 and below All versions, SIMATIC S7-400 incl. F CPU hardware version 5.0 All firmware versions V5.2, SIMATIC S7-400H CPU hardware version 4.5 and below All versions. The affected CPUs improperly validate S7...

Tracking changes in CERT bulletins and Nessus plugins using Vulners Time Machine

If you use Vulners.com vulnerability search engine, you probably know that it has a real "Time Machine". Each time Vulners sees some changes on a source page it creates a new version of security object. And you can see the full history of changes in a nice GUI: In most cases, the vendor just...

CPU hardware vulnerable to side-channel attacks

Overview CPU hardware implementations are vulnerable to cache side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre. Description CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Both Spectre and Meltdown take...

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability

Description Multiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Apple Mac Os X 10.11.6 Apple iOS 11.2 Apple macOS 10.12.6 Apple macOS 10.13.2 Apple tvOS...

VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability (VMSA-2008-0018) - Windows

VMWare products are prone to a privilege escalation vulnerability. Copyright C 2008 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 or any later...

VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability (Linux)

The host is installed with VMWare products that are vulnerable to privilege escalation vulnerability. OpenVAS Vulnerability Test $Id: gbvmwareprdtsinguestprvescvulnlin.nasl 6539 2017-07-05 12:02:14Z cfischer $ VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability Linux Authors:...

CVE-2008-4915

CVE-2008-4915 documents a privilege-escalation flaw in CPU hardware emulation across VMware products (Workstation, Player, Server, ESX/ESXi, and related variants) when running 32/64-bit guest OS. The trap-flag handling flaw allows an authenticated guest OS user to gain privileges on the guest OS....

VMSA-2008-0018 VMware Hosted products and patches for ESX and ESXi resolve two security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2008-0018 Synopsis: VMware Hosted products and patches for ESX and ESXi resolve two security issues Issue date: 2008-11-06 Updated on...

CVE-2008-4279

The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated...

CVE-2008-4279

The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated...