Lucene search
K

166 matches found

Github Security Blog
Github Security Blog
added 2022/05/17 5:25 a.m.27 views

OpenStack Nova Directory traversal vulnerability

Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute Nova Folsom 2012.2 and Essex 2012.1, when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. dot dot in the path attribute of a file element...

5.5CVSS6.9AI score0.02997EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2022/05/17 5:25 a.m.7 views

GHSA-M454-CM7H-RQHH OpenStack Nova Directory traversal vulnerability

Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute Nova Folsom 2012.2 and Essex 2012.1, when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. dot dot in the path attribute of a file element...

5.5CVSS6.1AI score0.02997EPSS
Exploits1References8
Trellix
Trellix
added 2022/04/20 12:0 a.m.12 views

Conti Group Targets ESXi Hypervisors With its Linux Variant

Conti Group Targets ESXi Hypervisors With its Linux Variant By Marc Elias, Jambul Tologonov and Alexandre Mundo · Apr 20, 2022 Despite the leak of the conversations of the Conti members that happened in March 2022, which we analyzed and published recently, the group seems to continue its operatio...

0.2AI score
Exploits0
Trellix
Trellix
added 2022/04/20 12:0 a.m.12 views

Conti Group Targets ESXi Hypervisors With its Linux Variant

Conti Group Targets ESXi Hypervisors With its Linux Variant By Marc Elias, Jambul Tologonov and Alexandre Mundo · Apr 20, 2022 Despite the leak of the conversations of the Conti members that happened in March 2022, which we analyzed and published recently, the group seems to continue its operatio...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/04/14 12:0 a.m.6 views

The vulnerability of Xen hypervisors, related to improper authorization, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of Xen hypervisors is related to improper authorization. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

7.2CVSS6.6AI score0.00361EPSS
Exploits0References8Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/04/01 12:0 a.m.8 views

The vulnerability of the XENMAPSPACE_grant_table function in Xen hypervisors allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the XENMAPSPACEgranttable function in Xen hypervisors is related to insecure management of privileges. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and cause service interruptions...

7.8CVSS7.1AI score0.00266EPSS
Exploits0References8Affected Software4
ThreatPost
ThreatPost
added 2021/10/06 8:34 p.m.52 views

VMware ESXi Servers Encrypted by Lightning-Fast Python Script

Researchers have discovered a new Python ransomware from an unnamed gang that’s striking ESXi servers and virtual machines VMs with what they called “sniper-like” speed. Sophos said on Tuesday that the ransomware is being used to compromise and encrypt VMs hosted on an ESXi hypervisor in operatio...

7.8AI score
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.6 views

The vulnerability of Xen hypervisors on Arm, related to information disclosure, allows attackers to gain access to confidential data.

The vulnerability of Xen hypervisors on ARM is related to the lack of cleaning of loading modules. Exploiting this vulnerability can allow an attacker to gain access to confidential data...

5.5CVSS5.9AI score0.00321EPSS
Exploits0References5Affected Software3
OpenVAS
OpenVAS
added 2021/07/06 12:0 a.m.33 views

Fedora: Security Advisory for libslirp (FEDORA-2021-71de23bedd)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

3.8CVSS6AI score0.00326EPSS
Exploits0References2
Fedora
Fedora
added 2021/07/04 1:9 a.m.86 views

[SECURITY] Fedora 33 Update: libslirp-4.3.1-5.fc33

A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services...

3.8CVSS2.2AI score0.00326EPSS
Exploits0
Fedora
Fedora
added 2021/07/04 1:7 a.m.66 views

[SECURITY] Fedora 34 Update: libslirp-4.4.0-4.fc34

A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services...

3.8CVSS2.2AI score0.00326EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/02/12 12:0 a.m.49 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2021-3348: Fixed a use-after-free in nbdaddsocket that could be triggered by local attackers with access to the nbd device via an I/O request at a certain point...

9.8CVSS7.7AI score0.06563EPSS
Exploits14References112
Gitee
Gitee
added 2021/01/22 2:34 p.m.3 views

awesome-virtualization

This is a collection of resources about virtualization, not an exploit or offensive tool. It is a curated list of awesome resources about virtualization, including documentation, books, courses, papers, research projects, and more. The repository includes information on mainstream hypervisors,...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/01/14 12:0 a.m.59 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0108-1)

The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver bsc1180559. CVE-2020-27825: Fixed a race in the traceopen and buffer resi...

9.8CVSS7.5AI score0.02209EPSS
Exploits6References129
OSV
OSV
added 2020/12/15 5:15 p.m.7 views

CVE-2020-27777

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down usually due to Secure Boot guest system running on top of PowerVM or KVM hypervisors pseries platform a root like local user could use this flaw to further increase their privileges to...

6.7CVSS7AI score
Exploits0References4
NVD
NVD
added 2020/12/15 5:15 p.m.21 views

CVE-2020-27777

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down usually due to Secure Boot guest system running on top of PowerVM or KVM hypervisors pseries platform a root like local user could use this flaw to further increase their privileges to...

7.2CVSS6.8AI score0.00501EPSS
Exploits1References4
Prion
Prion
added 2020/12/15 5:15 p.m.33 views

Design/Logic Flaw

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down usually due to Secure Boot guest system running on top of PowerVM or KVM hypervisors pseries platform a root like local user could use this flaw to further increase their privileges to...

7.2CVSS6.4AI score0.00501EPSS
Exploits1References4Affected Software3
UbuntuCve
UbuntuCve
added 2020/12/15 5:15 p.m.69 views

CVE-2020-27777

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down usually due to Secure Boot guest system running on top of PowerVM or KVM hypervisors pseries platform a root like local user could use this flaw to further increase their privileges to...

7.2CVSS6.7AI score0.00501EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2020/12/14 12:0 a.m.31 views

Fedora: Security Advisory for libslirp (FEDORA-2020-77f93f41be)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.3AI score
Exploits0References2
Fedora
Fedora
added 2020/12/13 2:35 a.m.51 views

[SECURITY] Fedora 32 Update: libslirp-4.3.1-3.fc32

A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services...

4.3CVSS2.2AI score0.0183EPSS
Exploits1
Rows per page
Query Builder