
31 matches found

RedHat Linux
added 2026/03/26 7:47 p.m., 4 views

forman: Foreman: Remote Code Execution via command injection in WebSocket proxy

A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating...

CVSS 8, AI score 6.5, EPSS 0.00039
Exploits 0, References 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2011-1771

Malware in sbrugna...

CVSS 4.4, AI score 6.1, EPSS 0.00053
Exploits 1, References 8

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2008-4520

Malware in sbrugna...

CVSS 7.2, AI score 7.3, EPSS 0.00048
Exploits 0, References 23

Tenable Nessus
added 2024/01/17 12:0 a.m., 17 views

Dell iDRAC9 Improper Authentication (CVE-2022-24422)

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console. This plugin only works with Tenable.ot. Please visit...

CVSS 10, AI score 8.3, EPSS 0.1579
Exploits 0, References 2

SUSE CVE
added 2023/02/15 6:6 a.m., 1 view

SUSE CVE-2008-4539

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorre...

CVSS 7.2, AI score 7.4, EPSS 0.00048
Exploits 0, References 5

NVD
added 2022/05/26 4:15 p.m., 13 views

CVE-2022-24422

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console...

CVSS 10, EPSS 0.1579
Exploits 0, References 1

Prion
added 2022/05/26 4:15 p.m., 14 views

Authentication flaw

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console...

CVSS 10, AI score 9.7, EPSS 0.1579
Exploits 0, References 1, Affected Software 1

Cvelist
added 2022/05/26 3:20 p.m., 16 views

CVE-2022-24422

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console...

CVSS 9.6, AI score 10, EPSS 0.1579
Exploits 0, References 1

CheckPoint Security
added 2022/05/15 12:0 a.m., 38 views

Check Point Response to CVE-2022-24422 - Dell iDRAC9 Security Update for an Improper Authentication Vulnerability

Cause Refer to Dell's DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability. Symptoms - Dell published CVE-2022-24422 for iDRAC9 versions 5.00.00.00 and higher but lower than 5.10.10.00. These versions contain an improper authentication vulnerability. A remote...

CVSS 10, AI score 9.6, EPSS 0.1579
Exploits 0

Virtuozzo
added 2021/12/28 12:0 a.m., 16 views

Virtuozzo Hybrid Infrastructure 4.7 Update 1.1

This update provides stability fixes. Vulnerability id: VSTOR-49253 Cannot deploy the compute cluster with a flat physical network if the untagged network interface has VLAN interfaces. Vulnerability id: VSTOR-49207 A vGPU may disconnect from a virtual machine after the VM shutdown and start...

AI score 1.3
Exploits 0

Veracode
added 2020/04/10 1:6 a.m., 18 views

Authorization Bypass

virt-v2v is vulnerable to authorization bypass. The vulnerability exists as using virt-v2v to convert a guest that has a password-protected VNC console to a KVM guest removed that password protection from the converted guest: after conversion, a password was not required to access the converted...

CVSS 4.4, AI score 2.1, EPSS 0.00053
Exploits 1, References 7, Affected Software 1

OSV
added 2019/08/07 9:15 p.m., 0 views

CVE-2019-1895

A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to access the VNC console session of an administrative user on an affected device. The vulnerability is due to an...

CVSS 9.8, AI score 7.3, EPSS 0.02382
Exploits 0, References 1

Veracode
added 2019/01/15 9:8 a.m., 32 views

Denial Of Service (DoS)

qemu-kvm-rhev is vulnerable to denial of service. It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of servi...

CVSS 8.6, AI score 8.1, EPSS 0.05573
Exploits 0, References 23, Affected Software 1

IBM Security Bulletins
added 2018/06/18 1:28 a.m., 29 views

Security Bulletin: PowerKVM is affected by a Qemu vulnerability (CVE-2015-1779)

Summary PowerKVM is vulnerable to Qemu vulnerability CVE-2015-1779. Vulnerability Details CVEID: CVE-2015-1779 DESCRIPTION: QEMU is vulnerable to a denial of service, caused by an error when processing incoming frames by the websocket frame decoder. A remote attacker from within the local network...

CVSS 8.6, EPSS 0.05573
Exploits 0, Affected Software 1

Virtuozzo
added 2017/08/24 12:0 a.m., 11 views

Product update: Virtuozzo 7.0 Update 5 Hotfix 1 (7.0.5-631)

The Hotfix 1 for Virtuozzo 7.0 Update 5 provides a new feature as well as stability and usability bug fixes. Vulnerability id: PSBM-70449 Copying small service files stored on MDS could result in cluster unmount. Vulnerability id: PSBM-69911 VNC console in PowerPanel did not work for VMs running ...

AI score 0.6
Exploits 0

Virtuozzo
added 2017/05/03 12:0 a.m., 26 views

Product update: Virtuozzo Automator 7.0 Update 2 (VA MN: 7.0.2-266, VA Agent: 7.0.2-115)

The Update 2 for Virtuozzo Automator 7.0 provides new features and stability and usability bug fixes. Vulnerability id: PVA-36694 No 'Renew backup' button on virtual environment's backups tab. Vulnerability id: PVA-36693 Existing bridges were not used when attaching interfaces to virtual networks...

AI score 0.9
Exploits 0

RedHat Linux
added 2016/11/30 7:51 p.m., 43 views

Important: Red Hat Security Advisory: CFME 5.6.3 security, bug fix, and enhancement update

An update is now available for Red Hat CloudForms 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

CVSS 9, AI score 7.6, EPSS 0.02877
Exploits 0, References 83

Tenable Nessus
added 2015/04/28 12:0 a.m., 30 views

Mandriva Linux Security Advisory : qemu (MDVSA-2015:210)

Updated qemu packages fix security vulnerabilities: A denial of service flaw was found in the way QEMU handled malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. A privileged guest user could use this flaw to crash the system rhbz1204919...

CVSS 8.6, AI score 7.5, EPSS 0.05573
Exploits 0, References 2

OpenVAS
added 2015/03/06 12:0 a.m., 36 views

RedHat Update for qemu-kvm RHSA-2015:0349-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 7.5, EPSS 0.03847
Exploits 0, References 2

Tenable Nessus
added 2015/03/06 12:0 a.m., 58 views

RHEL 7 : qemu-kvm-rhev (RHSA-2015:0624)

Updated qemu-kvm-rhev packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Virtualization Hypervisor 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring Syste...

CVSS 7.5, AI score 7.2, EPSS 0.03847
Exploits 0, References 9