5604 matches found
PT-2024-34706 · Bhyve +1
Name of the Vulnerable Software and Affected Versions: bhyve hypervisor (affected versions not specified). Description: The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value. This issue is related to the bhyve hypervisor and affects the NVMe...
FreeBSD-SA-24:17.bhyve
FreeBSD-SA-24:17.bhyve Security Advisory, The FreeBSD Project. Topic: Multiple issues in the bhyve hypervisor. Category: core. Module: bhyve. Announced: 2024-10-29. Credits:...
Oracle Linux 8 : edk2 (ELSA-2024-28600)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-28600 advisory. - EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain...
How to Detect and Remove Separated Disks During Veeam Agent for Linux Restore
Purpose: This article documents how to detect and clean up the restored disks of a Linux machine that used Logical Volume Manager (LVM), was backed up with Veeam Agent for Linux, and restored to a hypervisor VM or cloud computing platform. This issue is documented in the following Veeam Agent for...
A type confusion vulnerability in the Xen hypervisor allows attackers to access confidential information and escalate their privileges.
The vulnerability in the Xen hypervisor is a logic error caused by branch type confusion during the implementation of early fixes. Exploiting this vulnerability can allow an attacker to access confidential information and escalate their privileges...
Oracle Linux 8 : edk2 (ELSA-2024-12795)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12795 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local...
Oracle Linux 7 : edk2 (ELSA-2024-12794)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-12794 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local...
Oracle Linux 7 : edk2 (ELSA-2024-12793)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-12793 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local...
edk2 security update
20240909 - Create new 20240909 release for OL8 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK2: In the Linux...
edk2 security update
1.7.1 - Create new 1.7.1 release for OL7 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK2: In the Linux kernel...
QEMU SCSI Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of QEMU. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of th...
ROS-20241015-02
The vulnerability in the Xen hypervisor is related to a logic error caused by branch type confusion when implementing early patches. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information and escalate privileges on the system...
A vulnerability in the Hyper-V hardware virtualization system for Windows operating systems allows an attacker to cause a denial of service.
The vulnerability in the Hyper-V hardware virtualization technology for Windows operating systems relates to the allocation of resources without limits or throttling. Exploiting this vulnerability can allow an attacker to cause a denial of service...
Performance Counter Side Channel
Bulletin ID: AMD-SB-3013. Potential Impact: N/A. Severity: N/A. Summary: Researchers from Graz University of Technology, Austria, have reported a way for a malicious hypervisor to monitor performance counters and potentially recover data from a guest VM...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-46689)
The version of the kernel installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46689 advisory. - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as...
CVE-2024-5535 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-3
CVE-2024-5535 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-3. An upgraded version of the package is available that resolves this issue...
CVE-2024-8755
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: from 7.2.55.0 to 7.2.60.1 inclusive; from 7.2.49.0 to 7.2.54.12 inclusive; 7.2.48.12 and all prior versions. Multi-Tenant...
CVE-2024-8755
CVE-2024-8755 is an Improper Input Validation vulnerability in Progress LoadMaster and Progress Multi-Tenant Hypervisor that allows OS Command Injection for authenticated users via the LoadMaster management interface. Affected: LoadMaster versions 7.2.55.0–7.2.60.1; 7.2.49.0–7.2.54.12; 7.2.48.12 ...
CVE-2024-8755 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: LoadMaster: from 7.2.55.0 to 7.2.60.1 inclusive; from 7.2.49.0 to 7.2.54.12 inclusive; 7.2.48.12 and all prior versions. Multi-Tenant...