CVE-2025-14525 Kubevirt: kubevirt: vm administration denial of service via guest agent

A flaw was found in kubevirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...

EUVD-2024-51807

Malicious code in bioql PyPI...

EUVD-2024-45749

Malicious code in bioql PyPI...

CVE-2024-29008

A problem has been identified in the CloudStack additional VM configuration extraconfig feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not...

CVE-2024-51544

Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

CVE-2024-29008

A problem has been identified in the CloudStack additional VM configuration extraconfig feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not...

CVE-2024-29008

CVE-2024-29008 concerns Apache CloudStack’s extraconfig (additional VM configuration) feature. In KVM environments, incorrect access control allows users who can deploy or modify VMs to configure extra VM settings even when the feature is disabled, enabling attachment of host devices (storage dis...

PT-2024-22667 · Apache · Cloudstack

Name of the Vulnerable Software and Affected Versions: CloudStack versions prior to 4.18.1.1 CloudStack versions prior to 4.19.0.1 Description: A problem has been identified in the CloudStack additional VM configuration extraconfig feature which can be misused by anyone who has privilege to deplo...

Machine catalog updates failure with error the master VM as an invalid configuration

VMWARE Hypervisor When updating a particular machine catalog with a new master image, the operation fails early on with one of the following: "action name: updatemachinecatalogprovisiningscheme" "action name: MCUpdateMachineCatalog" Error : The master VM as an invalid configuration Same issue...

Xen xenstore watch notification Information Disclosure (XSA-115)

"According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an information disclosure vulnerability due to a lack of permission checks for xenstore watch event reporting. A guest administrator can watch the root xenstored node, which will cause...

SureBackup for VM With VBS Enabled Fails With “Invalid change tracker error code”

Challenge A SureBackup job testing a VMware VM that has Virtualization-Based Security VBS enabled fails with the error: An error occurred while taking a snapshot: Invalid change tracker error code. An error occurred while taking a snapshot: Invalid change tracker error code. Cause This error occu...

Virtuozzo 6 : parallels-kernel-modules / etc (VZA-2019-063)

According to the version of the parallels-kernel-modules / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - Fixed possible corruption of VM configuration after restoration from backup by means of third-party solutions. The built-...

Product update: Virtuozzo 6.0 Update 12 Hotfix 44 (6.0.12-3746)

The Hotfix 44 for Virtuozzo 6.0.12 fixes a security issue. Vulnerability id: PSBM-96909 Fixed possible corruption of VM configuration after restoration from backup by means of third-party solutions. The built-in backup restoration tool 'prlctl restore' is not affected. User data inside restored V...

The Number of vCPUs Assigned To A Guest Causes VIFs To Go Offline

Increasing the number of vCPUs assigned to a VM will reduce the number of available. For instance 10 vCPUs will have 7 active VIFs but 12 vCPUs will only allow 6 active VIFs...

Product update: Virtuozzo 7.0 Update 6 Hotfix 2 (7.0.6-695)

The Hotfix 2 for Virtuozzo 7.0 Update 6 provides a new feature as well as stability and usability bug fixes. Vulnerability id: PSBM-65549 Resource alerts could be shown in Virtuozzo Automator for Windows VMs with enough resources. Vulnerability id: PSBM-78460 Container live migration could fail d...

CVE-2017-4941

VMware ESXi 6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG, Workstation 12.x before 12.5.8, and Fusion 8.x before 8.5.9 contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this iss...

Oracle VM VirtualBox - virtio-net Guest-to-Host Out-of-Bounds Write

Oracle VM VirtualBox - virtio-net Guest-to-Host Out-of-Bounds Write Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1136 This is a vulnerability that affects VirtualBox VMs that use a virtio network adapter which is a non-standard configuration. It permits the guest kernel to...

VirtualBox Guest-To-Host Out-Of-Bounds Write Exploit

Exploit for multiple platform in category dos / poc VirtualBox: guest-to-host out-of-bounds write via virtio-net CVE-2017-3575 This is a vulnerability that affects VirtualBox VMs that use a virtio network adapter which is a non-standard configuration. It permits the guest kernel to write up to 4G...

Hyper-V Guest processing skipped (check guest OS VSS state and integration components version)

Challenge Guest VMs will fail to engage VSS when Application-Aware Processing is enabled, generating the error: Error Guest processing skipped check guest OS VSS state and integration components version System.Exception Solution Most Common Solution At the time this article was written in 2014,...