253 matches found
CVE-2026-49238 SFTP Server VM Escape in Canonical Multipass
An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfsserver, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validatepath function in src/sshfsmount/sftpserver.cpp. The function...
Astra Linux - уязвимость в open-vm-tools
VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper with local files to trigger insecure file operations within that VM...
CVE-2026-0427
Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine VM to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability...
XenServer Security Update for Multiple Issues
Severity: High Description of Problem Several issues have been identified that affect XenServer 8.4. These are: An issue that may, in some circumstances, allow a malicious privileged user in a guest VM to compromise the host. This issue has the following identifier: CVE-2026-23558 An issue that m...
CVE-2026-22717
Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed...
CVE-2026-24834 Kata Container to Guest micro VM privilege escalation
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM...
CVE-2023-31021
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager vGPU plugin, where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service...
USN-7940-1: Linux kernel (Azure FIPS) vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
USN-7939-2 linux-azure-fips vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
USN-7934-1: Linux kernel (Azure) vulnerabilities
It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux...
Ubuntu: Security Advisory (USN-7861-4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7862-3 linux-xilinx-zynqmp vulnerability
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...
Ubuntu: Security Advisory (USN-7860-5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2025-0237 Updated open-vm-tools package fixes security vulnerability
It was discovered that open-vm-tools contains a local privilege escalation vulnerability. A malicious actor with non-administrative privileges on a guest VM may exploit this vulnerability to escalate privileges to root on the same VM CVE-2025-41244...
open-vm-tools: Local privilege escalation in open-vm-tools
A flaw was found in VMWare open-vm-tools. A malicious actor with non-administrative privileges on a guest Virtual Machine VM could exploit this vulnerability to gain root privileges on the VM. The issue lies in the service-discovery plugin logic, which can execute attacker-controlled binaries fro...
EUVD-2008-5687
Malware in sbrugna...
EUVD-2020-29677
Malware in sbrugna...
EUVD-2019-15271
Malware in sbrugna...
EUVD-2018-1787
Malware in sbrugna...
EUVD-2019-13460
Malware in sbrugna...