Lucene search
+L

455 matches found

nvd
nvd
added 2026/06/29 9:16 a.m.10 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS0.00135EPSS
Exploits0References2
cve
cve
added 2026/06/29 7:53 a.m.20 views

CVE-2026-57966

Summary (CVE-2026-57966): A path traversal flaw in spice-vdagent allows a malicious/untrusted SPICE host to write arbitrary files on the guest filesystem via an unsanitized filename during file transfers. The vulnerability enables writes with the spice-vdagent process privileges (usually the logg...

4.4CVSS5.9AI score0.00135EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/29 7:53 a.m.52 views

CVE-2026-57966 Spice-vdagent: path traversal in file transfer via unsanitized filename

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS0.00135EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/29 7:53 a.m.12 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00135EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/01 1:29 p.m.15 views

CVE-2026-23557

A flaw was found in xenstored, a component of Xen. Any guest operating system can cause xenstored to crash by issuing an XSRESETWATCHES command within a transaction, leading to a denial of service DoS. This occurs due to an assertion assert triggering, which can halt the xenstored process...

6.5CVSS5.7AI score0.00158EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/06 11:54 p.m.9 views

CVE-2026-43265

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM for x86 architectures. A local user or a malicious guest operating system could manipulate the virtual CPU vCPU state by injecting events while the vCPU is in a blocking state. This could lead to a spurious exit to userspace,...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/04/24 7:25 p.m.5 views

CVE-2026-31600

A flaw was found in the Linux kernel's memory management for the arm64 architecture. The kernel incorrectly processes invalid large leaf mappings, which are specific entries used to manage system memory. This vulnerability can be triggered by a local user or a guest operating system, leading to a...

7.5CVSS5.3AI score0.0029EPSS
Exploits0References4
osv
osv
added 2026/03/04 3:30 p.m.6 views

SUSE-RU-2026:20677-1 Recommended update for open-vm-tools

This update for open-vm-tools fixes the following issues: - update to 13.0.10 based on build 25056151 boo1257357: There are no new features in the open-vm-tools 13.0.10 release. This is primarily a maintenance release that addresses a fix. A minor enhancement has been made for Guest OS...

7.8CVSS5.8AI score0.0788EPSS
Exploits3References4
nessus
nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001047)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001047 advisory. arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS,...

7.8CVSS8.5AI score0.00365EPSS
Exploits0References7
nessus
nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000901)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000901 advisory. arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the BP and OF exceptions, which allows guest OS users to cause a denial of service guest OS crash by...

5.5CVSS6.5AI score0.00425EPSS
Exploits0References4
nessus
nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000817)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000817 advisory. The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service host OS panic or hang by...

10CVSS6.3AI score0.02501EPSS
Exploits0References46
nessus
nessus
added 2026/01/16 12:0 a.m.6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001534)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001534 advisory. arch/powerpc/kvm/book3srtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via...

7.8CVSS6.6AI score0.00575EPSS
Exploits1References4
nessus
nessus
added 2026/01/15 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002474)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002474 advisory. The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, whic...

4.3CVSS6.8AI score0.01168EPSS
Exploits1References16
nessus
nessus
added 2026/01/15 12:0 a.m.2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001853)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001853 advisory. Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service guest OS crash via a crafted application th...

4.9CVSS6.5AI score0.00374EPSS
Exploits0References20
nessus
nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002761)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002761 advisory. arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS,...

7.8CVSS8.5AI score0.00365EPSS
Exploits0References7
nessus
nessus
added 2026/01/15 12:0 a.m.8 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002169)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002169 advisory. arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to...

5.5CVSS6.7AI score0.00428EPSS
Exploits0References15
nessus
nessus
added 2026/01/15 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003124)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003124 advisory. Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated user to potentially enable...

6.5CVSS6.8AI score0.00915EPSS
Exploits0References19
nessus
nessus
added 2026/01/15 12:0 a.m.7 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003053)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003053 advisory. The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service host OS infinite loop a...

6.5CVSS7AI score0.00352EPSS
Exploits0References7
nessus
nessus
added 2026/01/15 12:0 a.m.5 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003244)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003244 advisory. arch/powerpc/kvm/book3shvrmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIGKVMBOOK3S64HV is enabled, allows guest OS users to cause a...

6.5CVSS7.3AI score0.00345EPSS
Exploits0References10
osv
osv
added 2025/11/17 5:3 p.m.1 views

CVE-2025-13193 Libvirt: information disclosure via world-readable vm snapshots

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability...

5.5CVSS6.4AI score0.00118EPSS
Exploits0References6
Rows per page
Query Builder