CVE-2023-31364

Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine VM to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service...

Kata Container to Guest micro VM privilege escalation

Summary An issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understinding is this doesn’t impact the security of the Host or of other containers / V...

EUVD-2019-15089

Malware in sbrugna...

EUVD-2024-54971

Malicious code in bioql PyPI...

CVE-2025-58143 Mutiple vulnerabilities in the Viridian interface

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference...

kernel: SEV-ES local priv escalation

A buffer overflow and null pointer dereference flaw was found in the Linux kernel's Secure Encrypted Virtualization SEV implementation for AMD functionality. This issue occurs when a user in SEV guest VM accesses MMIO registers, which could allow a local user to crash the system or escalate their...

CVE-2023-31021

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager vGPU plugin, where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service...

PT-2023-3080 · Vmware +10 · Vmware Tools +13

Name of the Vulnerable Software and Affected Versions: VMware Tools versions prior to 12.2.5 VMware vCenter affected versions not specified Description: A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integri...

Citrix Hypervisor <= 8.2 LTSR DoS (CTX306565)

The version of Citrix Hypervisor formerly Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by denial of service vulnerabilities. - A local attacker with the ability to execute privileged mode code in a guest machine can perform a denial of servi...

Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario

A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access the...

VMSA-2019-0019 : Denial-of-service vulnerability

ESXi shader denial-of-service vulnerability - CVE-2019-5536 VMware ESXi, Workstation and Fusion contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on...

VMSA-2019-0014 : Use-after-free vulnerability

ESXi use-after-free vulnerability - CVE-2019-5527 ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. A local attacker with non-administrative access on the guest machine may exploit this issue to execute code on the host. This...

CVE-2019-5514

VMware VMware Fusion 11.x before 11.0.3 contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware...

CVE-2019-5514

VMware VMware Fusion 11.x before 11.0.3 contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware...

Improper access control

VMware VMware Fusion 11.x before 11.0.3 contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware...

VMWare Fusion APIs available without auth via web socket (CVE-2019-5514)

VMware Fusion 11.x before 11.0.3 contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is...

CVE-2018-6963

VMware Workstation 14.x before 14.1.2 and Fusion 10.x before 10.1.2 contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine...

Null pointer dereference

VMware Workstation 14.x before 14.1.2 and Fusion 10.x before 10.1.2 contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine...

libvirt library multiple security vulnerabilities

Multiple possibilities to access host resources from guest machine...

VMware vulnerability instance analysis – one of the shared folders directory traversal vulnerability-vulnerability warning-the black bar safety net

Author: vxasm mail: [email protected] Time: 2008-10-5 A noun is defined Host machine: running VMware software real host; Guest machine: installed in the VMware software in the virtual system; Backdoor: VMware have their own proprietary“Backdoor I/O Port”command, the Host and the Guest between al...