1569 matches found
GHSA-HJ57-J5CW-2MWP Ignition config accessible to unprivileged software on VMware
Impact: Unprivileged software in VMware VMs, including software running in unprivileged containers, can retrieve an Ignition config stored in a hypervisor guestinfo variable or OVF environment. If the Ignition config contains secrets, this can result in the compromise of sensitive information...
GHSA-MM5C-7MPR-99FM CSRF vulnerability in Jenkins Libvirt Agents Plugin
Jenkins Libvirt Agents Plugin 1.9.0 and earlier does not require POST requests for a form submission endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to stop hypervisor domains. Jenkins Libvirt Agents Plugin 1.9.1 requires POST requests f...
GHSA-8Q95-JJ7P-X93X Openstack Neutron vulnerable to eavesdropping on private traffic
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due ...
CVE-2021-46744
An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time...
CVE-2021-46744
Technical details about CVE-2021-46744 are not publicly provided in the supplied Connected documents. The initial entry mentions a SEV data-inference risk on AMD SEV guests, but no product/version/root-cause/fix is given here. Monitor for updates.
Qualcomm Security Vulnerability
Qualcomm chips are chips made by Qualcomm Incorporated (USA). A chip is a way of miniaturizing circuits (primarily semiconductor devices, but also passive components) and is often manufactured on the surface of a semiconductor wafer. A security vulnerability exists in multiple Qualcomm...
GSD-2022-1001985 Drivers: hv: vmbus: Fix potential crash on module unload
Drivers: hv: vmbus: Fix potential crash on module unload. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.111 by commit...
GSD-2022-1001369 Drivers: hv: vmbus: Fix potential crash on module unload
Drivers: hv: vmbus: Fix potential crash on module unload. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.20 by commit...
Openstack nova qcow format could expose host filesystem information
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem...
Fedora: Security Advisory for xen (FEDORA-2022-dfbf7e2372)
The remote host is missing an update for the...
[SECURITY] [DSA 5117-1] xen security update
Debian Security Advisory DSA-5117-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 10, 2022 https://www.debian.org/security/faq ...
Citrix Releases Security Updates for Hypervisor
Citrix has released security updates to address a vulnerability in Hypervisor. An attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX390511 and apply the necessary updates. This product is...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-nova) security update
An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Fedora: Security Advisory for xen (FEDORA-2022-0cc3916e08)
The remote host is missing an update for the...
Parallels Desktop HDAudio Buffer Overflow Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the HDAudio...
StarWind SAN & NAS has unspecified vulnerabilities
StarWind SAN & NAS is a standalone hypervisor server or group of servers for StarWind. A security vulnerability exists in StarWind SAN & NAS that could be exploited by an attacker to reset the passwords of other users...
StarWind SAN
StarWind SAN & NAS is a standalone hypervisor server or group of servers for StarWind. A command injection vulnerability exists in StarWind SAN & NAS, which can be exploited by attackers to remotely execute code...
VMware Fusion 12.x < 12.2.0 Heap Overflow RCE (VMSA-2022-0001)
VMware Fusion contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. Not...
Citrix Releases Security Updates for Hypervisor
Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX337526 and apply the necessary updates. This product ...