5614 matches found

CNVD
added 2020/08/19 12:0 a.m. | 3 views

Parallels Desktop Out-of-Bounds Read Information Disclosure Vulnerability (CNVD-2020-46856)

Parallels Desktop is a virtual machine software that runs on Mac computers. An out-of-bounds read information disclosure vulnerability exists in the OEMNet component in versions prior to Parallels Desktop 16.0.0 48916. The vulnerability stems from a lack of proper validation of user-supplied data...

6 CVSS | 6.5 AI score | 0.00553 EPSS
Exploits 0 | References 1

CNVD
added 2020/08/19 12:0 a.m. | 1 view

Parallels Desktop Information Disclosure Vulnerability (CNVD-2020-46855)

Parallels Desktop is a virtual machine software that runs on Mac computers. An information disclosure vulnerability exists in prl_hypervisor kext in versions prior to Parallels Desktop 15.1.4 47270. The vulnerability stems from a lack of proper validation of user-supplied data. An attacker could...

6.5 CVSS | 7.1 AI score | 0.0053 EPSS
Exploits 0 | References 1

CNVD
added 2020/08/19 12:0 a.m. | 2 views

Parallels Desktop Elevation of Privilege Vulnerability

Parallels Desktop is a virtual machine software that runs on Mac computers. An elevation of privilege vulnerability exists in the HOSTIOCTLSETKERNELSYMBOLS handler in prl_hypervisor kext in versions prior to Parallels Desktop 16.0.0 48916. The vulnerability stems from a lack of proper validation of user-suppli...

8.8 CVSS | 7.1 AI score | 0.00533 EPSS
Exploits 0 | References 1

CNVD
added 2020/08/19 12:0 a.m. | 2 views

Parallels Desktop Information Disclosure Vulnerability (CNVD-2020-46853)

Parallels Desktop is a virtual machine software that runs on Mac computers. An information disclosure vulnerability exists in the HOSTIOCTLINITHYPERVISOR handler in prl_hypervisor kext in versions prior to Parallels Desktop 16.0.0 48916. The vulnerability stems from unprivileged users being able t...

6.5 CVSS | 7.1 AI score | 0.0053 EPSS
Exploits 0 | References 1

CNVD
added 2020/08/19 12:0 a.m. | 4 views

Parallels Desktop Integer Underflow Elevation of Privilege Vulnerability

Parallels Desktop is a virtual machine software that runs on Mac computers. An integer underflow elevation of privilege vulnerability exists in the prlnaptd process in versions prior to Parallels Desktop 16.0.0 48916. The vulnerability stems from a lack of proper validation of user-supplied data...

8.2 CVSS | 7.5 AI score | 0.00485 EPSS
Exploits 0 | References 1

Zero Day Initiative
added 2020/08/18 12:0 a.m. | 32 views

Parallels Desktop OEMNet Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

6 CVSS | 2.5 AI score | 0.00553 EPSS
Exploits 0 | References 1

Zero Day Initiative
added 2020/08/18 12:0 a.m. | 29 views

Parallels Desktop hypervisor Out-Of-Bounds Read Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the hypervisor...

3.8 CVSS | 3.5 AI score | 0.00531 EPSS
Exploits 0 | References 1

Zero Day Initiative
added 2020/08/18 12:0 a.m. | 45 views

Parallels Desktop Networking Service Integer Underflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the prlnapt...

7.5 CVSS | 4.8 AI score | 0.00485 EPSS
Exploits 0 | References 1

Zero Day Initiative
added 2020/08/18 12:0 a.m. | 30 views

Parallels Desktop prl_hypervisor Out-Of-Bounds Read Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor...

8.8 CVSS | 3.1 AI score | 0.00533 EPSS
Exploits 0 | References 1

Zero Day Initiative
added 2020/08/18 12:0 a.m. | 28 views

Parallels Desktop Networking Out-Of-Bounds Access Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handlin...

7.5 CVSS | 3.6 AI score | 0.0046 EPSS
Exploits 0 | References 1

Zero Day Initiative
added 2020/08/18 12:0 a.m. | 32 views

Parallels Desktop VGA Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

6 CVSS | 2.9 AI score | 0.00553 EPSS
Exploits 0 | References 1

Zero Day Initiative
added 2020/08/17 12:0 a.m. | 46 views

QEMU SLiRP Networking Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of QEMU. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handling of SLiRP...

6.5 CVSS | 2.5 AI score | 0.0051 EPSS
Exploits 0 | References 1

CNVD
added 2020/08/17 12:0 a.m. | 2 views

Red Hat libvirt elevation of privilege vulnerability (CNVD-2020-47042)

Red Hat libvirt is a Linux API for implementing Linux virtualization features from Red Hat, Inc. It supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtual products for other operating systems. An elevation of privilege vulnerability exists in Red Hat...

8.8 CVSS | 9.4 AI score | 0.00416 EPSS
Exploits 0 | References 1

Talos Blog
added 2020/08/10 11:32 a.m. | 15 views

Barbervisor: Journey developing a snapshot fuzzer with Intel VT-x

By Cory Duplantis. One of the ways vulnerability researchers find bugs is with fuzzing. At a high level, fuzzing is the process of generating and mutating random inputs for a given target to crash it. In 2017, I started developing a bare metal hypervisor for the purposes of snapshot fuzzing:...

0.9 AI score
Exploits 0

Veracode
added 2020/08/06 9:33 p.m. | 25 views

Denial Of Service (DoS)

Xen is vulnerable to denial of service (DoS). An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a...

6.5 CVSS | 3.3 AI score | 0.00413 EPSS
Exploits 0 | References 10 | Affected Software 1

Veracode
added 2020/08/06 9:33 p.m. | 23 views

Denial Of Service (DoS)

Xen is vulnerable to denial of service (DoS). Arm guest OS users can cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. The hypercall VCPUOP_register_vcpu_info is used by a guest to register a shared region with the hypervisor. The region will be mapped into Xen...

6.5 CVSS | 4.3 AI score | 0.00398 EPSS
Exploits 0 | References 8 | Affected Software 1

Gentoo Linux
added 2020/07/26 12:0 a.m. | 34 views

Xen: Multiple vulnerabilities

Background: Xen is a bare-metal hypervisor. Description: Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known workaround at this time...

8.8 CVSS | 3.3 AI score | 0.00413 EPSS
Exploits 0

IBM Security Bulletins
added 2020/07/24 9:16 p.m. | 92 views

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze

Summary AT&T has released versions 1801-ze for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patchesat-t-vyatta-5600-vrouter-software-patches...

9.3 CVSS | 0.3 AI score | 0.05111 EPSS
Exploits 7 | Affected Software 1

OpenVAS
added 2020/07/24 12:0 a.m. | 21 views

Fedora: Security Advisory for xen (FEDORA-2020-76cf2b0f0a)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8 CVSS | 7.6 AI score | 0.00413 EPSS
Exploits 0 | References 2

Fedora
added 2020/07/23 1:17 a.m. | 38 views

[SECURITY] Fedora 31 Update: xen-4.12.3-3.fc31

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

8.8 CVSS | 2.1 AI score | 0.00413 EPSS
Exploits 0