4452 matches found
DEBIAN-CVE-2020-25723
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on t...
CVE-2020-25650
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock could use this flaw to perform a memory denial of service f...
Wsb-Detect - Tool To Detect If You Are Running In Windows Sandbox ("WSB")
wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB"). The sandbox is used by Windows Defender for dynamic analysis, and commonly manually by security analysts and the like. At the tail end of 2019, Microsoft introduced a new feature named Windows Sandbox (WSB for short). The...
Xen Denial of Service Vulnerability (CNVD-2021-44718)
Xen is an open source virtual machine monitor product. A denial of service vulnerability exists in Xen 4.14. and earlier versions that stems from the presence of an off-by-one error that can be exploited by users of x86 HVM guest operating systems to cause a denial of service, data leakage, a...
Vulnerability fixed in Xen
A vulnerability has been fixed in Xen. A malicious person who can execute code in a guest VM under elevated privileges could potentially exploit the vulnerability to cause a denial-of-service on the Xen hypervisor. Potentially, the vulnerability could also be exploited to...
CVE-2020-4004
VMware ESXi 7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG, Workstation 15.x before 15.5.7, Fusion 11.x before 11.5.7 contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a...
VMware ESXi Security Vulnerability
VMware ESXi is a virtualization software and the software supports windows platform to run. An elevation of privilege vulnerability exists in VMware ESXi. The vulnerability stems from an issue with how certain system calls are managed. An attacker with privileges only in the VMX process could...
Uncovered: APT 'Hackers For Hire' Target Financial, Entertainment Firms
A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies. Dubbed "CostaRicto" by Blackberry researchers, the campaign appears to be the handiwork of APT mercenaries who posses...
DEBIAN-CVE-2020-27617
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...
Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulti...
UBUNTU-CVE-2020-25651
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...
UBUNTU-CVE-2020-25650
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock could use this flaw to perform a memory denial of service f...
EulerOS 2.0 SP9 : dpdk (EulerOS-SA-2020-2428)
According to the versions of the dpdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer...
EulerOS 2.0 SP9 : dpdk (EulerOS-SA-2020-2410)
According to the versions of the dpdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer...
The vulnerability of the Java VM component of the Oracle Database Server database management system allows attackers to compromise the integrity of the protected information.
The vulnerability of the Java VM component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
The vulnerabilities in the VMCI drivers of VMware ESXi, VMware Workstation, and VMware Fusion allow attackers to cause system failures.
The vulnerability of VMCI drivers in hypervisor graphics of VMware ESXi, VMware Workstation, and VMware Fusion is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause service failures...
EulerOS 2.0 SP8 : dpdk (EulerOS-SA-2020-2308)
According to the versions of the dpdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the move_desc function can lead to large amounts of CPU cycles being...
[SECURITY] [DLA 2420-2] linux regression update
Debian LTS Advisory DLA-2420-2 [email protected] https://www.debian.org/lts/security/ Ben Hutchings October 31, 2020 https://wiki.debian.org/LTS Package : linux Version : 4.9.240-2 CVE ID : CVE-2019-9445 CVE-2019-19073 CVE-2019-19074 CVE-2019-19448 CVE-2020-12351 CVE-2020-12352...
Vulnerabilities fixed in Oracle Virtualbox
Oracle has fixed multiple vulnerabilities in Virtualbox. By exploiting the vulnerabilities, a malicious person with access to a VM could gain access to sensitive data, manipulate data or cause a denial-of-service. | CVE ID ...
CVE-2020-3982
VMware ESXi 7.0 before ESXi7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG, Workstation 15.x, Fusion 11.x before 11.5.6 contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative...