13003 matches found
AZL-49335 CVE-2024-46707 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICC_*SGI*_EL1 registers is...
UBUNTU-CVE-2024-46707
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICC_*SGI*_EL1 registers is...
The vulnerability of the Libvirt virtualization management library, related to the assignment of the null pointer, allows an attacker to trigger a service failure.
The vulnerability of the Libvirt virtualization management library is related to the assignment of a null pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Windows Network Virtualization service allows a hacker to execute arbitrary code.
The vulnerability of the Windows Network Virtualization service for Windows operating systems is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of the Windows Network Virtualization service allows a hacker to execute arbitrary code.
The vulnerability of the Windows Network Virtualization service for Windows operating systems is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2024-34016
Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: A race condition issue has been resolved in the Linux kernel, specifically in the scsi: lpfc component. The problem occurred when deleting an NPIV instance, as it required all fabric...
KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
...
VulnCheck KEV: CVE-2024-22253
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the...
Vulnerability of the arch/x86/kvm/x86.c component and lapic_shutdown within the Kernel-Based Virtual Machine (KVM) virtualization subsystem of the Linux operating system, which allows a hacker to trigger a service failure.
The vulnerability in the arch/x86/kvm/x86.c component of the KVM kernel-based virtualization subsystem in Linux operating systems is related to the disabling of the tsc-deadline mode and the execution of a reboot in the guest system. Exploiting this vulnerability can allow an attacker to cause a...
CVE-2024-8509 Migration toolkit for virtualization: forklift-controller: empty bearer token may perform authentication
A vulnerability was found in Forklift Controller. There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response...
Red Hat Migration Toolkit for Virtualization Authorization Issue Vulnerability
Red Hat Migration Toolkit for Virtualization is a toolkit from Red Hat, Inc. An authorization issue vulnerability exists in Red Hat Migration Toolkit for Virtualization, which arises from the component Forklift Controller not validating the authorization header beyond ensuring that credential...
SUSE CVE-2024-45005
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.use_gisa=0" or by setting the related sysfs attribute to N echo...
DEBIAN-CVE-2024-45005
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.use_gisa=0" or by setting the related sysfs attribute to N echo...
PT-2024-8607 · FreeBSD · FreeBSD
Name of the Vulnerable Software and Affected Versions: FreeBSD (affected versions not specified). Description: The function ctl_write_buffer incorrectly set a flag, resulting in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio...
EulerOS Virtualization 2.12.0 : libyaml (EulerOS-SA-2024-2330)
According to the versions of the libyaml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function...
EulerOS Virtualization 2.12.1 : kernel (EulerOS-SA-2024-2308)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of craft...
EulerOS Virtualization 2.12.1 : mod_http2 (EulerOS-SA-2024-2311)
According to the versions of the mod_http2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413...
EulerOS Virtualization 2.12.1 : sssd (EulerOS-SA-2024-2317)
According to the versions of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to...
EulerOS Virtualization 2.12.1 : less (EulerOS-SA-2024-2309)
According to the versions of the less package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename....