10 matches found
CVE-2019-16650
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the...
EUVD-2019-15093
Malware in sbrugna...
EUVD-2019-15094
Malware in sbrugna...
Oracle VirtualBox Virtual USB Numeric Truncation Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtual...
CVE-2019-16650
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the...
CVE-2019-16649
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to...
CVE-2019-16650
CVE-2019-16650 affects Supermicro X10/X11 BMCs. The vulnerability stems from improper authentication in the virtual media service, allowing an attacker to transfer a client’s access privileges to another client that shares the same socket file descriptor. In practice, a remote attacker could conn...
BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks
Enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in malicious USB devices, cybersecurity researchers at firmware security company Eclypsium told The Hacker News. Yes, that's correct. You can launch all types of USB attacks against vulnerable...
The vulnerability of VMware ESXi, VMware Fusion, and VMware Workstation arises from operations that occur outside the buffer boundaries of memory, allowing an attacker to execute arbitrary code.
The vulnerability of VMware ESXi, VMware Fusion, and VMware Workstation hypervisors is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a virtual USB controller...
Code injection
VMware ESXi 6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001, Workstation 15.x before 15.0.4, 14.x before 14.1.7, Fusion 11.x before 11.0.3, 10.x before 10.1.6 contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI Universal Ho...