Gradle Remote Code Execution Vulnerability

Gradle is the U.S. Gradle company's set of JVM-based project build tool , it supports maven, Ivy repository and so on. A remote code execution vulnerability exists in Gradle Enterprise prior to 2021.1.2, which stems from the installation configuration user interface available to administrators...

Fortinet FortiManager VM和FortiAnalyzer Vm信息泄露漏洞

Fortinet FortiManager VM is a centralized network security management platform for virtual machines. FortiAnalyzer Vm is a virtual machine that provides the ability to group devices into different management domains ADOMs for security deployment and management. FortiAnalyzer Vm is a virtual machi...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel powerpc prior to version 5.14.15, which stems from an implementation error in arch/powerpc/kvm/book3shvrmhandlers when handling...

CVE-2021-41619

An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface available to administrators allows specifying arbitrary Java Virtual Machine startup options. Some of the...

CVE-2021-41619

The CVE affects Gradle Enterprise prior to 2021.1.2. The installation configuration UI allows administrators to specify arbitrary JVM startup options (e.g., -XX:OnOutOfMemoryError), which can be abused to execute commands on the host if an attacker gains admin access. Documented impact is potenti...

CVE-2011-4574

PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer the RDTSC instruction. This instruction can be virtualized, and some virtual machine hosts have chosen to disable this...

Gradle 代码注入漏洞

Gradle is the U.S. Gradle company's set of JVM-based project build tool , it supports maven, Ivy repository and so on. A remote code execution vulnerability exists in Gradle Enterprise prior to 2021.1.2, which stems from the installation configuration user interface available to administrators...

UBUNTU-CVE-2019-3556

HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...

kernel: powerpc: KVM guest OS users can cause host OS memory corruption

A flaw was found on the Linux kernel. On the PowerPC platform, the KVM guest allows the OS users to cause host OS memory corruption via rtasargs.nargs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "virtext" field, this issue could allow a malicious...

kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks

A flaw was found in the Linux kernel’s KVM implementation, where improper handing of the VMIO|VMPFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of...

Facebook HHVM 路径遍历漏洞

Facebook HHVM a.k.a. HipHop Virtual Machine is a virtual machine from Facebook Inc. that significantly improves the performance of loading dynamic pages in PHP. HHVM suffers from a path traversal vulnerability that stems from improper design or implementation during code development of a networke...

How to Add Multiple CD or DVD Drives to XenServer Virtual Machines

This article describes how to add more than one CD/DVD drive to a Virtual Machine VM...

Oracle VM VirtualBox Denial of Service Vulnerability (CNVD-2021-81789)

Oracle VM VirtualBox is a virtual machine management software from Oracle. A denial of service vulnerability exists in the Core component of Oracle VM VirtualBox versions prior to 6.1.28, which can be exploited by an attacker to cause Oracle VM VirtualBox to hang or crash frequently and repeatedl...

Oracle VM VirtualBox Denial of Service Vulnerability (CNVD-2021-81788)

Oracle VM VirtualBox is a virtual machine management software from Oracle. A denial of service vulnerability exists in the Core component of Oracle VM VirtualBox versions prior to 6.1.28, which can be exploited by an attacker to cause Oracle VM VirtualBox to hang or crash frequently and repeatedl...

Oracle Java SE and Oracle GraalVM Enterprise Edition Information Disclosure Vulnerability

Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. An information...

kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "virtext" field, this issue could allow a malicious...

kernel: SVM nested virtualization issue in KVM (AVIC support)

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

Oracle Database Server 输入验证错误漏洞

Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing, and other functions.An unspecified vulnerability exists in the Java VM component of Oracle Database Server versions...

Design/Logic Flaw

The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In evm crate 0.31.0, JUMPI opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a...