18 matches found
Malicious code in @pluxee-connect/api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f5056dda18e9a9f440db7379d09fa1f9f7ff087ac00d6684170cddd40c240e9 On npm install, postinstall.js collects os.hostname, os.userInfo, and process.version and transmits them over plain HTTP to...
CVE-2026-23402
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM module. This vulnerability allows a host user to bypass KVM's memory management rules by overwriting critical memory structures. This can lead to a compromise of the virtual machine's memory integrity, potentially causing...
CVE-2023-1386
A flaw was found in the 9p passthrough filesystem 9pfs implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the gue...
SUSE CVE-2020-18670
Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...
SUSE CVE-2022-0669
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOSTUSERGETINFLIGHTFD / VHOSTUSERSETINFLIGHTFD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master...
kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
A flaw was found in KVM. When updating a guest's page table entry, vmpgoff was improperly used as the offset to get the page's pfn. As vaddr and vmpgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...
dpdk: sending vhost-user-inflight type messages could lead to DoS
A flaw was found in dpdk, which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOSTUSERGETINFLIGHTFD / VHOSTUSERSETINFLIGHTFD messages that are not closed by the secondary vhost-user. By sending such messages continuously, the primary vhost-user...
UBUNTU-CVE-2020-10722
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhostusersetlogbase could result in a smaller memory map than requested, possibly allowing memory corruption...
Kernel: KVM: OOB memory access via mmio ring buffer
An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvmcoalescedmmio' object, wherein write indices 'ring-first' and 'ring-last' value could be supplied by a host user-space...
Kernel: KVM: OOB memory access via mmio ring buffer
An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvmcoalescedmmio' object, wherein write indices 'ring-first' and 'ring-last' value could be supplied by a host user-space...
Kernel: KVM: OOB memory access via mmio ring buffer
An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvmcoalescedmmio' object, wherein write indices 'ring-first' and 'ring-last' value could be supplied by a host user-space...
Kernel: KVM: OOB memory access via mmio ring buffer
An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvmcoalescedmmio' object, wherein write indices 'ring-first' and 'ring-last' value could be supplied by a host user-space...
Kernel: KVM: OOB memory access via mmio ring buffer
An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvmcoalescedmmio' object, wherein write indices 'ring-first' and 'ring-last' value could be supplied by a host user-space...
UBUNTU-CVE-2019-10132
A vulnerability was found in libvirt = 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the...
UBUNTU-CVE-2018-1059
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions...
Low: Red Hat Security Advisory: kvm security and bug fix update
Updated kvm packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Pixaria Gallery 2.3.5 (file) Remote File Disclosure Exploit
Exploit for unknown platform in category web applications =========================================================== Pixaria Gallery 2.3.5 file Remote File Disclosure Exploit =========================================================== ?php iniset"maxexecutiontime",0; printr' || || | || o,7 || . ...
debianssh-ruby.txt
!/usr/bin/ruby Debian SSH Key Tester L4teral This tool helps to find user accounts with weak SSH keys that should be regenerated with an unaffected version of openssl. You will need the precalculated keys provided by HD Moore See http://metasploit.com/users/hdm/tools/debian-openssl/ for further...