CVE-2024-22269

CVE-2024-22269 describes an information-disclosure vulnerability in the vbluetooth device affecting VMware Workstation and Fusion. According to the provided documents, a malicious actor with local administrative privileges inside a virtual machine may read privileged information stored in hypervi...

CVE-2023-33119 Time-of-check Time-of-use (TOCTOU) Race Condition in Hypervisor

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache...

CVE-2023-33119 Time-of-check Time-of-use (TOCTOU) Race Condition in Hypervisor

Memory corruption while loading a VM from a signed VM image that is not coherent in the processor cache...

CVE-2023-27328

Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system i...

CVE-2023-50227 Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability

Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest syste...

CVE-2023-50227

CVE-2023-50227 describes a vulnerability in Parallels Desktop affecting the virtio-gpu virtual device. The issue is an out-of-bounds write caused by improper validation of user-supplied data, enabling a remote attacker to execute code in the hypervisor. Exploitation requires user interaction (the...

CVE-2023-50227 Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability

Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest syste...

CVE-2023-27328

Parallels Desktop Toolgate XML Injection Local Privilege Escalation: Affected component is Toolgate within Parallels Desktop. Root cause is improper validation of a user-supplied string used to construct an XML document, enabling a local attacker to escalate privileges and execute arbitrary code ...

CVE-2023-27328 Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability

Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system i...

(Pwn2Own) Oracle VirtualBox E1000 Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

(Pwn2Own) Oracle VirtualBox VirtIOCore Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

Oracle Linux 8 : virt:kvm_utils3 (ELSA-2024-12276)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12276 advisory. - Fixes: CVE-2022-40284 - Fix off-by-one error in udevListInterfacesByStatus Martin Kletzander Orabug: 36364464 CVE-2024-1441 libvirt-dbus...

PT-2024-6307 · Xen +3 · Xen +3

Name of the Vulnerable Software and Affected Versions: Xen affected versions not specified Description: The issue is related to the x86 HVM hypercall handler in the Xen hypervisor. HVM guests can switch freely between 64-bit and other modes, allowing them to set registers used to pass 32-bit-mode...

CVE-2024-25743

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

CVE-2024-25742

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

Disrupting AMD SEV-SNP on Linux® With Interrupts

AMD ID: AMD-SB-3008 Potential Impact: N/A Severity: N/A Summary Researchers from ETH Zurich have shared with AMD a paper titled “Heckler: Disrupting AMD SEV-SNP with Interrupts.” In their paper, the researchers report that a malicious hypervisor can potentially break confidentiality and integrity...

[SECURITY] Fedora 38 Update: xen-4.17.2-8.fc38

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

[SECURITY] Fedora 39 Update: xen-4.17.2-8.fc39

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

Fedora: Security Advisory (FEDORA-2024-aca9ed1eb1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for xen (FEDORA-2024-0da80aa623)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...