CVE-2018-12904

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL...

CVE-2018-12904

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL...

CVE-2018-12904

CVE-2018-12904 affects the Linux kernel’s KVM implementation on x86 when nested virtualization is enabled. The vulnerability arises in arch/x86/kvm/vmx.c due to insufficient CPL checks, potentially allowing a local attacker running in a guest VM (L1) to cause VMEXITs that may lead to privilege es...

CVE-2018-12904

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL...

CVE-2018-12904

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL...

UBUNTU-CVE-2018-12904

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial of service attacks due to lack of checking of CPL...

KVM (Nested Virtualization) - L1 Guest Privilege Escalation

KVM Nested Virtualization - L1 Guest Privilege Escalation When KVM on Intel virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM which trigger a VM exit and are emulated by L0 KVM are coming from ring 0. For code running on bare metal or VMX root mode th...

KVM (Nested Virtualization) - L1 Guest Privilege Escalation Vulnerability

Exploit for linux platform in category dos / poc When KVM on Intel virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM which trigger a VM exit and are emulated by L0 KVM are coming from ring 0. For code running on bare metal or VMX root mode this is...

KVM (Nested Virtualization) - L1 Guest Privilege Escalation

When KVM on Intel virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM which trigger a VM exit and are emulated by L0 KVM are coming from ring 0. For code running on bare metal or VMX root mode this is enforced by hardware. However, for code running in L...

UBUNTU-CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

CVE-2014-10064

The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example...

Pro Tip: The Right Way to Test JSON Parameters with Burp

Heres a Burp trick you might not know, which helped find this instance of command execution and lots of SQL injection in other applications. Despite PortSwigger claiming otherwise, Burp does not parse JSON very well, especially nested JSON parameters and values like you see below...

sensu: Password exposure in warn level log when configured for multiple rabbitMQ connections

Sensu's redaction function fails to handle the redaction of sensitive data in deeply nested data structures, resulting in sensitive data, such as passwords, being logged in clear-text...

Pulse Secure Pulse Connect Secure Denial of Service Vulnerability

Pulse Connect Secure aka PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A security vulnerability exists in Pulse Connect Secure versions 8.1.x prior to 8.1R14, 8.2.x prior to 8.2R11, and 8.3.x prior to 8.3R5, which stems from the...

CVE-2018-9849

Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service memory consumption and memory errors via a crafted XML document...

php: Out-of-bounds heap read on unserialize in finish_nested_data()

The objectcommon1 function in ext/standard/varunserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service buffer over-read and application crash via crafted serialized data that is mishandled in a finishnesteddata call...

php: buffer over-read in finish_nested_data function

The finishnesteddata function in ext/standard/varunserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP...

OpenMPT and libopenmpt Denial of Service Vulnerabilities

OpenMPT is an open source audio processing program . libopenmpt is a cross-platform C and C++ based audio playback library . A security vulnerability exists in the soundlib/Sndfx.cpp file in OpenMPT versions prior to 1.27.07.00 and libopenmpt versions prior to 0.3.8. A remote attacker can exploit...

CVE-2017-18102

The wiki markup component of atlassian-renderer from version 8.0.0 before version 8.0.22 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in nested wiki markup...