CVE-2021-28697
grant table v2 status pages may remain accessible after de-allocation. Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest...
PT-2021-6805 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified). Description: The issue is related to improper authorization in the Xen hypervisor. Exploitation of this issue allows an attacker to access sensitive data, compromise its integrity, and cause a denial of...
PT-2021-6609 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified). Description: The issue is related to inadequate access control in the Xen hypervisor. Exploitation of this issue allows an attacker to access confidential data, compromise its integrity, and cause a denial ...
Security update for spectre-meltdown-checker (moderate)
openSUSE Security Update: Security update for spectre-meltdown-checker. Announcement ID: openSUSE-SU-2021:2861-1. Rating: moderate. References: 1189477. Cross-References: CVE-2017-5753. CVSS scores: CVE-2017-5753 NVD: 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N; CVE-2017-5753 SUSE: 7.1...
Hotfix XS82E031 - For Citrix Hypervisor 8.2
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix:

Component | Details
---|---
Prerequisite | None
Post-update tasks | Restart the XAPI Toolstack
Content live patchable | No
Baselines for Live Patch | N/A
Revision History | ...

(Pwn2Own) Parallels Desktop WinAppHelper Improper Access Control Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Xen Race Condition Vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has a security vulnerability that can be...
Citrix Provisioning Services - Target Device(s) Hang After 96 Hours With No PVS License
After a license server upgrade to support PVS 1912 LTSR from 7.15 LTSR, Target Devices may immediately report entering "grace period". After 96 hours of uptime the Target Device may appear to freeze. Target Device hangs or freezes are typically first found in the Studio console by a CVAD...
PT-2021-6468 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified). Description: The issue is related to weaknesses in the authentication procedure of the Xen hypervisor. Exploitation of this issue allows an attacker to access confidential data, compromise its integrity, an...
virt-who bug fix and enhancement update
An update is available for virt-who. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The virt-who service collects information about the connection between the...
AMD Secure Encryption Virtualization (SEV) Information Disclosure
Bulletin ID: AMD-SB-1013. Potential Impact: Information Disclosure. Severity: Medium. Summary: AMD received notification of a potential security vulnerability from a team of researchers led by Professor Yinqian Zhang from Southern University of Science and Technology (SUSTech). A paper titled...
CVE-2021-29765
IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476...
Design/Logic Flaw
IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476...
CVE-2021-29765
CVE-2021-29765 affects IBM PowerVM Hypervisor FW940 and FW950. If an attacker gains service access to the FSP, they can decrypt data in the Platform KeyStore, enabling disclosure of sensitive information. Remediation: apply FW940.30 (VL940_071) or FW950.10 (VL950_072) or above on listed Power Sys...
Security Bulletin: The PowerVM Platform KeyStore functionality can be compromised if an attacker gains service access to the FSP
Summary: An attacker that gains service access to the FSP can locate and, through a series of service procedures, decrypt data contained in the Platform KeyStore. Vulnerability Details: CVEID: CVE-2021-29765. DESCRIPTION: IBM PowerVM Hypervisor could allow an attacker to obtain sensitive information if...
IBM PowerVM Hypervisor Authorization Issue Vulnerability
IBM PowerVM Hypervisor is an application from Universal Business Machines (IBM), Inc. that provides a secure and scalable virtualized environment for applications built on the advanced RAS features and leading performance of the Power Systems platform. An authorization issue vulnerability exists in IBM...
Corel Parallels Desktop Elevation of Privilege Vulnerability
A security vulnerability exists in Corel Parallels Desktop Toolgate, a suite of virtual machine software for the macOS platform from Corel Canada, stemming from uncontrolled memory allocation in the Toolgate component. An attacker could exploit the vulnerability to escalate privileges in the...
(Pwn2Own) Parallels Desktop virtio-gpu Memory Corruption Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
(Pwn2Own) Parallels Desktop Toolgate Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgat...