15 matches found
EUVD-2021-9152
Malicious code in bioql PyPI...
CVE-2021-21981
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC Role based access control role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level...
CVE-2022-0358
A flaw was found in the QEMU virtio-fs shared file system daemon virtiofsd implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certa...
Oracle Linux 8 : spice-vdagent (ELSA-2021-1791)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-1791 advisory. 0.20.0-3 - Fix mouse problems in multi-monitor environments under Wayland Resolves: rhbz1790904 rhbz1824610 0.20.0-2 - Resolves: CVE-2020-25650,...
CVE-2021-21981
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC Role based access control role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level...
CVE-2020-25652
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to th...
CVE-2020-25652
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to th...
Denial Of Service (DoS)
kernel is vulnerable to denial of service. A local guest user is able to crash the application as the cpuid instruction emulation when exiting the VM are not properly handled...
The vulnerability of the Cisco IOS XE operating system arises from errors in path name restrictions for restricted access directories, allowing attackers to execute arbitrary code on the Linux kernel.
The vulnerability of the Cisco IOS XE operating system exists due to errors in path name restrictions for restricted access directories. Exploiting this vulnerability allows a malicious individual, who operates locally and is a user of the guest operating system, to execute arbitrary code on the...
The vulnerability of Xen hypervisors relates to deficiencies in access control, allowing attackers to trigger service failures or increase their privileges.
The vulnerability of Xen hypervisors is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating locally within a user account of the x86 guest operating system in hardware virtualization mode, to trigger a hypervisor failure or increase their...
ALPINE-CVE-2016-9377
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service guest crash by leveraging IDT entry miscalculation...
The vulnerability of the QEMU hardware emulation software, which allows a hacker to trigger a service failure
The vulnerability in the hw/9pfs/9p-proxy.c function of the virtualization cleanup service in the QEMU hardware emulation proxy backend is related to a memory leak. Exploiting this vulnerability allows an attacker, who operates locally and is also a user of the guest operating system, to cause a...
Spice 'surface_id' Heap Overflow Vulnerability
SPICE Simple Protocol for Independent Computing Environments is one of the three main technology components of Red Hat Enterprise Virtualized Desktop Edition, an adaptive remote submission protocol that delivers the exact same end-user experience as a physical desktop. A security vulnerability...
Linux kernel drivers/xen/usbback/usbback.c information disclosure vulnerability
Linux kernel is an open source operating system. A security vulnerability in drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0, which is used by the Suse distribution of the Linux kernel, allows a local GUEST OS user to obtain kernel-sensitive information about the HOST OS...
qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function
Integer overflow in the virtionethandlemac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow...