CBL Mariner 2.0 Security Update: blosc / boost / cloud-hypervisor / cloud-hypervisor-cvm / keras / nmap / rust (CVE-2023-45853)

The version of blosc / boost / cloud-hypervisor / cloud-hypervisor-cvm / keras / nmap / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45853 advisory. - MiniZip in zlib through 1.3 has an...

CBL Mariner 2.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl (CVE-2022-4304)

The version of cloud-hypervisor / edk2 / hvloader / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4304 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption...

CBL Mariner 2.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl / rust (CVE-2023-0286)

The version of cloud-hypervisor / edk2 / hvloader / openssl / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0286 advisory. - There is a type confusion vulnerability relating to X.400 addres...

CBL Mariner 2.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl / rust (CVE-2022-4450)

The version of cloud-hypervisor / edk2 / hvloader / openssl / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4450 advisory. - The function PEMreadbioex reads a PEM file from a BIO and parses...

CBL Mariner 2.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl / rust (CVE-2023-0215)

The version of cloud-hypervisor / edk2 / hvloader / openssl / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0215 advisory. - The public API function BIOnewNDEF is a helper function used for...

RHEL 8 : Red Hat OpenStack Platform 17.1.3 (openstack-nova) (RHSA-2024:4274)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4274 advisory. OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines,creating a redundant and...

The vulnerability of the createinstallmedia component in the Parallels Desktop hypervisor allows a malicious user to elevate their privileges to the root level.

The vulnerability of the createinstallmedia component in Parallels Desktop Hypervisor Edition is related to the lack of signature verification. Exploiting this vulnerability can allow an attacker to elevate their privileges to root level using the repackosxinstallapp.sh script...

AZL-42988 CVE-2024-5535 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-3

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...

The vulnerability of Citrix Hypervisor and XenServer platform-related server virtualization solutions lies in improper speed limits at the final point, which allows attackers to trigger service failures.

The vulnerability of Citrix Hypervisor and XenServer platform-related servers is related to improper speed limits at the final point. Exploiting this vulnerability can allow an attacker to cause service failures...

DEBIAN-CVE-2022-48727

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Avoid consuming a stale esr value when SError occur When any exception other than an IRQ occurs, the CPU updates the ESREL2 register with the exception syndrome. An SError may also become pending, and will be...

UBUNTU-CVE-2022-48727

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Avoid consuming a stale esr value when SError occur When any exception other than an IRQ occurs, the CPU updates the ESREL2 register with the exception syndrome. An SError may also become pending, and will be...

Driver Disk for Intel i40e 2.22.20-5 - For Citrix Hypervisor 8.2 LTSR

Who should install this driver disk? Customers running the Citrix Hypervisor 8.2 Cumulative Update 1 LTSR release who use Intel's i40e driver and wish to use the latest version of the following: Driver Module| Driver Type| Version ---|---|--- i40e| Ethernet/NIC| 2.22.20-5 reissue Issues resolved ...

USN-6817-3: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-38096 Zheng Wang discovered that the Broadc...

(Pwn2Own) Oracle VirtualBox OHCI USB Controller Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-6817-3)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6817-3 advisory. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereferenc...

CVE-2024-5661

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive...

CVE-2024-5661

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive...

CVE-2024-5661 Potential Denial of Service affecting XenServer and Citrix Hypervisor

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive...

CVE-2024-5661 Potential Denial of Service affecting XenServer and Citrix Hypervisor

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive...

CVE-2024-5661

CVE-2024-5661 affects XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR. The root cause is an improper rate limiting issue in an endpoint, which a malicious administrator of a guest VM can exploit to cause the host to become slow and/or unresponsive (Denial of Service). Impact is a local, privilege-...