4461 matches found
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987649)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987649 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix panic on out-of-bounds guest IRQ As guestirq is coming from KVMIRQFD API call, it m...
kernel: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush In KVM guests with Hyper-V hypercalls enabled, the hypercalls HVCALLFLUSHVIRTUALADDRESSLIST and HVCALLFLUSHVIRTUALADDRESSLISTEX allow a guest to request...
New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP...
kernel-rt security update
An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...
[BSA-125] Security Update for incus
Mathias Gibbens uploaded new packages for incus which fixed the following security problems: CVE ID : CVE-2025-54286 CVE-2025-54287 CVE-2025-54288 CVE-2025-54289 CVE-2025-54290 CVE-2025-54291 CVE-2025-54293 Multiple security issues were discovered in Incus, a system container and virtual machine...
Security Bulletin: IBM Technical Suppport Appliance - possible security flaws in memory management leading to information disclosure or denial of service
Summary A flaw in the KASAN Kernel Address Sanitizer code may allow memory to be accessed that is already free and a flaw in Virtual Machine Communication Interface VMCI allowed uninitialized kernel memory to be exposed to userspace. Vulnerability Details CVEID:CVE-2022-49058 DESCRIPTION: In the...
CVE-2025-62376
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...
CVE-2025-62376 pwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM access
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...
CVE-2025-62376 pwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM access
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...
CVE-2025-62376 pwn.college DOJO vulnerable to improper authentication in workspace endpoint allowing unauthorized Windows VM access
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef, the /workspace endpoint contains an improper authentication vulnerability that allows an attacker to access any active Windows VM without proper authorization. The...
DOJO 授权问题漏洞
DOJO is an open source JavaScript toolkit from pwn.college. DOJO suffers from an authorization issue vulnerability that stems from improper authentication of the /workspace endpoint, which could lead to unauthorized access to a Windows virtual machine...
PT-2025-42209
Name of the Vulnerable Software and Affected Versions pwn.college DOJO versions prior to commit 467db0b9ea0d9a929dc89b41f6eb59f7cfc68bef Description The /workspace endpoint in pwn.college DOJO has an improper authentication issue. An attacker can access any active Windows VM without authorization...
kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVMSETVCPUEVENTS even if having at least...
RMPocalypse: How a Catch-22 Breaks AMD SEV-SNP
This paper presents RMPocalypse, a novel attack that shows a critical gap in the security of RMP initialization, wherein the x86 cores maliciously control parts of the initial RMP state. The analysis shows that the vulnerability arises due to the complex, but insufficient, interplay of multiple...
Updated open-vm-tools package fixes security vulnerability
It was discovered that open-vm-tools contains a local privilege escalation vulnerability. A malicious actor with non-administrative privileges on a guest VM may exploit this vulnerability to escalate privileges to root on the same VM CVE-2025-41244...
EUVD-2025-33777
Happy DOM: VM Context Escape can lead to Remote Code Execution...
KVM: arm64: Don't retire aborted MMIO instruction
...
Exploit for Signal Handler Race Condition in Sonicwall Sma_6200_Firmware
CCTV-Hacking-Simulated-Environment-Only Repository purpose:...
ROS-20251008-05
A vulnerability in the Kubernetes virtual machine cluster management software tool is related to insufficient validation of user input. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Oracle Linux 8 : open-vm-tools (ELSA-2025-17509)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-17509 advisory. - Resolves: RHEL-117388 CISA Major Incident CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools rhel-8.10.z Tenable has extracted the...