1569 matches found
Stack overflow
This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual devic...
CVE-2022-35867
This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual devic...
CVE-2022-34889
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 51537. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...
Design/Logic Flaw
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 51537. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...
CVE-2022-34889
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 51537. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...
CVE-2021-34987
This CVE (CVE-2021-34987) concerns Parallels Desktop 16.5.1 (49187) where the HDAudio virtual device contains a buffer overflow due to improper validation of user-supplied data length before copying to a fixed-length buffer. The vulnerability enables local privilege escalation and arbitrary code ...
[SECURITY] Fedora 36 Update: xen-4.16.1-5.fc36
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Citrix Releases Security Updates for Hypervisor
Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Updates CTX461397 and apply the necessary updates. This product ...
(0Day) xhyve e1000 Stack-based Buffer Overflow Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual devic...
CVE-2022-32295
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component...
Parallels Desktop ACPI Out-Of-Bounds Read Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the ACPI...
Citrix Releases Security Updates for Hypervisor
Citrix has released security updates to address vulnerabilities that could affect Hypervisor. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Update CTX460064 and apply the necessary...
[SECURITY] Fedora 36 Update: qemu-6.2.0-12.fc36
qemu is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu acts as a virtual machine monitor together with the KVM kernel modules, and emulates the hardware for a full system such as a PC and its associated peripherals...
Fedora: Security Advisory for xen (FEDORA-2022-0142d562ca)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Race condition
Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...
Input validation
Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile...
CVE-2021-35090
CVE-2021-35090 describes a TOC TOU race condition that could cause hypervisor memory corruption when updating address mappings on Qualcomm Snapdragon platforms (Auto/Compute/Connectivity/Industrial IOT/ Mobile). Root cause: TOC-Timing-Of-Check/Time-Of-Use race in kernel memory mappings. Impact st...
CVE-2021-35101
The CVE-2021-35101 entry concerns Qualcomm Snapdragon platforms (Auto/Compute/Mobile) with an issue in handling writes to the virtual GICR control. The underlying problem is described as improper handling that can trigger an assertion failure in the hypervisor. Public documents indicate a local a...
CVE-2021-35101
Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile...
SUSE SLED15 / SLES15 Security Update : kernel-firmware (SUSE-SU-2022:1840-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1840-1 advisory. - Failure to flush the Translation Lookaside Buffer TLB of the I/O memory management unit IOMMU may lead an IO...