CVE-2021-31422

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

CVE-2021-31421

This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...

CVE-2021-31418

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

Xen Paging Tables Race Condition (XSA-328)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT nested paging tables, X...

Xen Inverted Conditional DoS (XSA-319)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference ...

Xen IRQ Vector Leak DoS (XSA-360)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service DoS vulnerability. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X...

Xen Speculative Side Channel Information Disclosure (XSA-320)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue. Incomplete cleanup from specific special register read operations in some IntelR Processors may allow an authenticated user to potentially enable information disclosure via loca...

Xen Missing Alignment Check DoS (XSA-327)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOPregistervcpuinfo. The hypercall VCPUOPregistervcpuinfo is used by a guest to...

Xen oxenstored Bad Permissions (XSA-353)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a bad permissions issue. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately...

Xen Xenstore Use-After-Free DoS (XSA-325)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest...

(Pwn2Own) Oracle VirtualBox e1000 Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

Xen x86 Race Condition Use-After-Free (XSA-345)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-fr...

Hotfix XS82E023 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| None Content live patchable| No Baselines for Live Patch| N/A Revision History| Published on Apr 27, 2021...

The vulnerability of the Hyper-V hardware virtualization system for Microsoft Windows operating systems allows a hacker to circumvent existing security restrictions.

The vulnerability of the Hyper-V hardware virtualization technology in Microsoft Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to circumvent existing security restrictions through the configuration of Router Guard...

Oracle VirtualBox NAT Integer Underflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

Oracle VirtualBox VMSVGA Numeric Truncation Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

Oracle VirtualBox LsiLogicSCSI Race Condition Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

Oracle VirtualBox LsiLogicSCSI Time-Of-Check Time-Of-Use Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

Oracle VirtualBox VMSVGA Heap-based Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA...

Corel Parallels Desktop 路径遍历漏洞

Parallels Desktop is a virtual machine software that runs on Mac computers. A security vulnerability exists in the Toolgate component in Parallels Desktop version 16.1.1-49141. The vulnerability stems from failure to properly validate a user-supplied path before using it in a file operation. An...