Lucene search
K

26 matches found

Xen Project
Xen Project
added 2024/12/17 12:0 p.m.39 views

Xen hypercall page unsafe against speculative attacks

ISSUE DESCRIPTION Xen guests need to use different processor instructions to make explicit calls into the Xen hypervisor depending on guest type and/or CPU vendor. In order to hide those differences, the hypervisor can fill a hypercall page with the needed instruction sequences, allowing the gues...

5.5CVSS7AI score0.00304EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/05/28 2:11 p.m.5 views

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

6.5CVSS6.8AI score0.0018EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/05/22 10:3 a.m.2 views

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

6.5CVSS6.8AI score0.0018EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/05/01 12:42 a.m.5 views

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

7.1CVSS6.7AI score0.00247EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/05/01 12:20 a.m.7 views

hw: amd: Instruction raise #VC exception at exit

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

7.1CVSS6.7AI score0.00247EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2024/04/08 10:51 a.m.63 views

CVE-2024-25742

A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality and integrity of SEV-SNP on Linux guests by injecting interrupts. An attacker can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.27 views

Ubuntu: Security Advisory (USN-1719-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.9CVSS6.3AI score0.00366EPSS
Exploits0References2
NCSC
NCSC
added 2022/08/24 12:0 a.m.8 views

Vulnerability fixed in VMWare Tools

VMWare has fixed a vulnerability in VMWare Tools. A malicious person with user privileges in a virtual machine VM can exploit the vulnerability to grant himself elevated privileges and execute code with local administrator privileges in the vulnerable virtual machine. As far as is known, the...

7.8CVSS7.1AI score0.0054EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/11/01 12:0 a.m.18 views

openSUSE: Security Advisory for virtualbox (openSUSE-SU-2021:1403-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS5.9AI score0.004EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/05/19 12:0 a.m.36 views

RHEL 8 : spice-vdagent (RHSA-2021:1791)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1791 advisory. The spice-vdagent packages provide a SPICE agent for Linux guests. Security Fixes: spice-vdagent: possible file transfer DoS and information...

6.4CVSS6.3AI score0.0049EPSS
Exploits4References14
OSV
OSV
added 2021/05/18 6:5 a.m.25 views

ALSA-2021:1791 Moderate: spice-vdagent security and bug fix update

The spice-vdagent packages provide a SPICE agent for Linux guests. Security Fixes: spice-vdagent: possible file transfer DoS and information leak via activexfers hash map CVE-2020-25651 spice-vdagent: UNIX domain socket peer PID retrieved via SOPEERCRED is subject to race condition CVE-2020-25653...

6.4CVSS6.3AI score0.0049EPSS
Exploits4References4
OSV
OSV
added 2021/05/18 6:5 a.m.25 views

RLSA-2021:1791 Moderate: spice-vdagent security and bug fix update

The spice-vdagent packages provide a SPICE agent for Linux guests. Security Fixes: spice-vdagent: possible file transfer DoS and information leak via activexfers hash map CVE-2020-25651 spice-vdagent: UNIX domain socket peer PID retrieved via SOPEERCRED is subject to race condition CVE-2020-25653...

6.4CVSS6.4AI score0.0049EPSS
Exploits4References7
Rockylinux
Rockylinux
added 2021/05/18 6:5 a.m.35 views

spice-vdagent security and bug fix update

An update is available for spice-vdagent. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The spice-vdagent packages provide a SPICE agent for Linux guests...

6.4CVSS6.3AI score0.0049EPSS
Exploits4
Fedora
Fedora
added 2021/02/12 1:44 a.m.70 views

[SECURITY] Fedora 33 Update: spice-vdagent-0.21.0-1.fc33

Spice agent for Linux guests offering the following features: Features: Client mouse mode no need to grab mouse by client, no mouse lag this is handled by the daemon by feeding mouse events into the kernel via uinput. This will only work if the active X-session is running a spice-vdagent process ...

6.4CVSS0.6AI score0.0049EPSS
Exploits4
OpenVAS
OpenVAS
added 2021/02/12 12:0 a.m.20 views

Fedora: Security Advisory for spice-vdagent (FEDORA-2021-09ce0cdfac)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.4CVSS6.6AI score0.00431EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2019/09/24 12:46 p.m.5 views

kernel: vhost-net: guest to host kernel escape during migration

A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this fla...

7.8CVSS7.3AI score0.00627EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2019/09/23 3:24 p.m.4 views

kernel: vhost-net: guest to host kernel escape during migration

A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this fla...

7.8CVSS7.3AI score0.00627EPSS
Exploits1References6
OPENSUSE Linux
OPENSUSE Linux
added 2019/06/11 12:0 a.m.183 views

Security update for virtualbox (important)

openSUSE Security Update: Security update for virtualbox Announcement ID: openSUSE-SU-2019:1547-1 Rating: important References: 1122212 Cross-References: CVE-2018-0734 CVE-2018-11763 CVE-2018-11784 CVE-2018-3309 CVE-2019-2446 CVE-2019-2448 CVE-2019-2450 CVE-2019-2451 CVE-2019-2500 CVE-2019-2501...

8.8CVSS6.6AI score0.94494EPSS
Exploits5References1
Tenable Nessus
Tenable Nessus
added 2019/01/28 12:0 a.m.44 views

openSUSE Security Update : virtualbox (openSUSE-2019-84)

This update for virtualbox version 5.2.24 fixes the following issues : Update fixes multiple vulnerabilities : CVE-2019-2500, CVE-2019-2524, CVE-2019-2552, CVE-2018-3309, CVE-2019-2520 CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2526, CVE-2019-2548 CVE-2018-11763, CVE-2019-2511,...

8.8CVSS6.1AI score0.94494EPSS
Exploits5References31
Talos Blog
Talos Blog
added 2018/04/13 7:0 a.m.22 views

Malware monitor - leveraging PyREBox for malware analysis

This post was authored by Xabier Ugarte Pedrero In July 2017 we released PyREBox, a Python Scriptable Reverse Engineering Sandbox as an open source tool. This project is part of our continuous effort to create new tools to improve our workflows. PyREBox is a versatile instrumentation framework...

0.3AI score
Exploits0
Rows per page
Query Builder