59 matches found
ALPINE-CVE-2020-29481
An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes...
CVE-2020-1243
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a...
CVE-2020-0904
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a...
CVE-2020-0890
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a...
DEBIAN-CVE-2020-11741
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users with active profiling to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenopr...
Marriott hacked AGAIN – Millions of guests’ data accessed by hackers
By Waqas Marriott International has been hacked again and this time millions of customer data has been stolen just like in 2018. This is a post from HackRead.com Read the original post: Marriott hacked AGAIN - Millions of guests' data accessed by hackers...
Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests
International hotel chain Marriott today disclosed a data breach impacting nearly 5.2 million hotel guests, making it the second security incident to hit the company in recent years. "At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed...
CVE-2020-0751
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a...
Product update: Virtuozzo 7.0 Update 11 (7.0.11-293)
The Update 11 for Virtuozzo 7.0 provides new features as well as stability and usability bug fixes. It also introduces a new kernel 3.10.0-957.12.2.vz7.96.21. Vulnerability id: PSBM-82223 Under certain circumstances, a VM with IDE disks could crash or corrupt guest data during migration or snapsh...
CVE-2019-5604
In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350247, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, the emulated XHCI device included with the bhyve hypervisor did not properly validate data provided by the guest,...
Marriott Faces $123 Million GDPR Fine Over Starwood Data Breach
After fining British Airways with a record fine of £183 million earlier this week, the UK's data privacy regulator is now planning to slap world's biggest hotel chain Marriott International with a £99 million $123 million fine under GDPR over 2014 data breach. This is the second major penalty...
CVE-2018-7079
Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privileg...
DEBIAN-CVE-2017-15589
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS or an arbitrary guest OS because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory...
ALPINE-CVE-2017-15589
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS or an arbitrary guest OS because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory...
Exploit for CVE-2017-10235
CVE-2017-10235: VirtualBox E1000 device buffer overflow In...
DEBIAN-CVE-2015-8555
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors...
UBUNTU-CVE-2015-8555
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors...
Xen version information hypercall information disclosure vulnerability
Xen is an open source virtual machine. Xen has a security vulnerability that allows a malicious HVM Guest to read sensitive data from other Guests via version information hypercall...
libspice: Relying on guest provided data structures to indicate memory allocation
libspice, as used in QEMU-KVM in the Hypervisor aka rhev-hypervisor in Red Hat Enterprise Virtualization RHEV 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service guest OS crash ...