Lucene search

5618 matches found

OSV
added 2020/11/10 7:15 p.m., 1 view

UBUNTU-CVE-2020-28368

Xen through 4.14.x allows guest OS administrators to obtain sensitive information such as AES keys from outside the guest via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for...

CVSS 4.4, AI score 6.7, EPSS 0.00393
Exploits 0, References 5

NCSC
added 2020/11/10 12:00 a.m., 3 views

Vulnerabilities fixed in Citrix Hypervisor

Vulnerabilities have been fixed in Citrix Hypervisor. The vulnerabilities allow a malicious party to cause a denial-of-service (DoS) or to execute arbitrary code under the application's privileges. Citrix has released updates to fix the vulnerabilities in Hypervisor. For more...

CVSS 7.8, AI score 8.6, EPSS 0.0041
Exploits 0

Citrix
added 2020/11/09 12:00 a.m., 8 views

Profile Management Configuration Checking Tool - UPMConfigCheck

Please note: You can download the required file from the Citrix downloads website by visiting the following link: https://www.citrix.com/downloads/citrix-tools Profile Management Configuration Check Tool UPMConfigCheck Created Date: February 27, 2012 Updated Date: August 23, 2023 Description...

AI score 6.7
Exploits 0

Citrix
added 2020/11/09 12:00 a.m., 49 views

Citrix Hypervisor Security Update

Description of Problem: Two issues have been identified in Citrix Hypervisor that may, in certain configurations, allow privileged code in an HVM guest VM to execute code in the control domain, potentially compromising the host. These vulnerabilities affect all currently supported versions of Citr...

CVSS 7.5, AI score 7.4, EPSS 0.06169
Exploits 1, Affected Software 2

Citrix
added 2020/11/09 12:00 a.m., 36 views

Citrix Hypervisor Security Update

Description of Problem: Two issues have been identified in Citrix Hypervisor that may, if exploited, allow privileged code in an HVM guest VM to compromise or crash the host. These issues only apply in specific configurations; furthermore, Citrix believes that there would be significant difficulty...

CVSS 8.8, AI score 6.9, EPSS 0.00413
Exploits 0, Affected Software 2

Citrix
added 2020/11/09 12:00 a.m., 80 views

Citrix Hypervisor Security Update

Description of Problem: An issue has been discovered in Citrix Hypervisor that, if exploited, could potentially allow an attacker on the management network to enumerate valid administrative account usernames. Note that this attack does not disclose the corresponding passwords and does not grant...

CVSS 5.3, AI score 6.3, EPSS 0.98631
Exploits 23, Affected Software 1

Citrix
added 2020/11/09 12:00 a.m., 77 views

Citrix Hypervisor Security Update

Description of Problem: Several security issues have been identified in Citrix Hypervisor (formerly Citrix XenServer) that may allow: unprivileged code in a PV guest VM to compromise that PV guest VM; privileged code in a guest VM to cause the host to crash or become unresponsive; privileged code in a...

CVSS 7.8, AI score 7.4, EPSS 0.0041
Exploits 0, Affected Software 2

ThreatPost
added 2020/11/04 4:17 p.m., 595 views

VMware Issues Updated Fix For Critical ESXi Flaw

VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. Wednesday’s VMware advisory said updated patch versions were available after it was discovered the previous patch, released Oct. 20, did not completely address the vulnerability. That’...

CVSS 10, AI score 0.8, EPSS 0.9927
Exploits 11, References 7

NVD
added 2020/11/02 7:15 a.m., 15 views

CVE-2020-3690

Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...

CVSS 7.8, AI score 7.7, EPSS 0.00224
Exploits 0, References 2

Prion
added 2020/11/02 7:15 a.m., 15 views

Code injection

Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...

CVSS 7.2, AI score 7.7, EPSS 0.00224
Exploits 0, References 2

CVE
added 2020/11/02 6:21 a.m., 66 views

CVE-2020-3690

CVE-2020-3690 describes that an incorrect SMMU configuration in the modem crypto engine could potentially compromise the hypervisor on Qualcomm Snapdragon platforms (e.g., Snapdragon Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Voice & Music/Wired Networking) across listed SoCs (A...

CVSS 7.8, AI score 7.6, EPSS 0.00224
Exploits 0, References 2, Affected Software 1

Cvelist
added 2020/11/02 6:21 a.m., 28 views

CVE-2020-3690

Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...

AI score 7.7, EPSS 0.00224
Exploits 0, References 1

BDU FSTEC
added 2020/10/29 12:00 a.m., 4 views

The vulnerability of the openslp hypervisor packages in VMware ESXi, VMware Workstation, and VMware Fusion allows a malicious actor to execute arbitrary code, cause system failures, or gain unauthorized access to protected information.

The vulnerability of the openslp hypervisor packages in VMware ESXi, VMware Workstation, and VMware Fusion relates to the use of memory after deallocation. Exploiting this vulnerability can allow an attacker to execute arbitrary code, cause system failures, or gain unauthorized access to protecte...

CVSS 10, AI score 8.1, EPSS 0.83015
Exploits 2, References 3, Affected Software 1

OpenVAS
added 2020/10/29 12:00 a.m., 8 views

Fedora: Security Advisory for xen (FEDORA-2020-e3d619cc32)

The remote host is missing an update for the...

AI score 7.5
Exploits 0, References 2

Fedora
added 2020/10/26 1:07 a.m., 16 views

[SECURITY] Fedora 33 Update: xen-4.14.0-6.fc33

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

AI score 2.1
Exploits 0

OpenVAS
added 2020/10/26 12:00 a.m., 8 views

Fedora: Security Advisory for xen (FEDORA-2020-97775b4234)

The remote host is missing an update for the...

AI score 7.5
Exploits 0, References 2

RedhatCVE
added 2020/10/23 7:05 p.m., 23 views

CVE-2020-27672

A race condition flaw was found in the Xen code responsible for handling the updating of the hypervisor's own page tables. This flaw allows a malicious guest to cause a denial of service, host data corruption, or potential privilege escalation. The highest threat from this vulnerability is to...

CVSS 7.8, AI score 2.2, EPSS 0.0026
Exploits 0, References 4

RedhatCVE
added 2020/10/23 7:04 p.m., 26 views

CVE-2020-27674

A flaw was found in the Xen hypercalls with INVLPG-like behavior used by x86 PV guests to invalidate TLB entries. This flaw allows a malicious unprivileged guest user to escalate their privileges to the kernel level within the guest. Mitigation: There is no known mitigation for this flaw apart fro...

CVSS 5.3, AI score 2, EPSS 0.00353
Exploits 0, References 4

Tenable Nessus
added 2020/10/23 12:00 a.m., 37 views

Xen Migrating Timers Race condition DoS (XSA-336)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a denial of service (DoS) vulnerability. When migrating timers of x86 HVM guests between its vCPU-s, the locking model used allows for a second vCPU of the same guest also operating on the...

CVSS 4.7, AI score 6.4, EPSS 0.00261
Exploits 0, References 2

OSV
added 2020/10/22 9:15 p.m., 1 view

DEBIAN-CVE-2020-27673

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271...

CVSS 5.5, AI score 6, EPSS 0.0041
Exploits 0, References 1