
4439 matches found

Prion
added 2020/02/11 10:15 p.m. | 16 views

Design/Logic Flaw

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a...

CVSS 2.1 | AI score 6.1 | EPSS 0.01632
Exploits: 0 | References: 1 | Affected Software: 2
OSV
added 2020/02/11 8:15 p.m. | 0 views

UBUNTU-CVE-2020-1711

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status routine. A remote user could use this flaw to...

CVSS 7.7 | AI score 7.4 | EPSS 0.04018
Exploits: 0 | References: 5
Microsoft CVE
added 2020/02/11 8:0 a.m. | 37 views

Windows Hyper-V Denial of Service Vulnerability

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a...

CVSS 6 | AI score 2.3 | EPSS 0.01393
Exploits: 0
BDU FSTEC
added 2020/02/11 12:0 a.m. | 3 views

The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to gain full control over the application.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the application by using network protocols...

CVSS 7.5 | AI score 7.2 | EPSS 0.01256
Exploits: 0 | References: 3 | Affected Software: 1
Cent OS
added 2020/02/06 12:20 a.m. | 186 views

qemu security update

CentOS Errata and Security Advisory CESA-2020:0366. An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...

CVSS 8.8 | AI score 7.3 | EPSS 0.16658
Exploits: 3 | References: 7
IBM Security Bulletins
added 2020/02/04 4:40 p.m. | 31 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2017-10356, CVE-2017-10345)

Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details: CVEID: CVE-2017-10356 DESCRIPTION: An unspecified...

CVSS 6.2 | AI score 0.5 | EPSS 0.02442
Exploits: 0 | Affected Software: 1
BDU FSTEC
added 2020/01/29 12:0 a.m. | 4 views

The vulnerability of the ttm_put_pages() function in the vmwgfx and ttm modules of Linux kernel devices allows a hacker to cause a service failure.

The vulnerability of the ttm_put_pages function in the vmwgfx and ttm modules of Linux kernel systems relates to reading data beyond the memory boundaries. Exploiting this vulnerability could allow an attacker to cause a service failure by executing commands in the mounted file system f2fs image...

CVSS 7.1 | AI score 7 | EPSS 0.00754
Exploits: 1 | References: 10 | Affected Software: 1
OpenVAS
added 2020/01/23 12:0 a.m. | 40 views

Huawei EulerOS: Security Advisory for kvm (EulerOS-SA-2019-1450)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.4 | AI score 8.6 | EPSS 0.74041
Exploits: 14 | References: 2
CNVD
added 2020/01/16 12:0 a.m. | 2 views

VMware Tools Local Elevation of Privilege Vulnerability (CNVD-2020-13854)

VMware Tools is an enhancement tool that comes with VMware virtual machines, equivalent to the enhancements in VirtualBox Sun VirtualBox Guest Additions, and is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of...

CVSS 7 | AI score 7.1 | EPSS 0.00299
Exploits: 0 | References: 1
NVD
added 2020/01/15 8:15 p.m. | 15 views

CVE-2020-3941

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11...

CVSS 7 | AI score 7.1 | EPSS 0.00299
Exploits: 0 | References: 1
Cvelist
added 2020/01/15 7:3 p.m. | 24 views

CVE-2020-3941

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11...

AI score 7 | EPSS 0.00299
Exploits: 0 | References: 1
OSV
added 2020/01/15 5:15 p.m. | 2 views

CVE-2020-2518

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to...

CVSS 7.5 | AI score 7.1 | EPSS 0.01256
Exploits: 0 | References: 1
ATTACKERKB
added 2020/01/15 12:0 a.m. | 29 views

CVE-2020-3941

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11. Recen...

CVSS 7 | AI score 6.9 | EPSS 0.00299
Exploits: 0 | References: 2
RedHat Linux
added 2020/01/14 3:56 p.m. | 5 views

Kernel: KVM: potential use-after-free via kvm_ioctl_create_device()

A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If suc...

CVSS 8.1 | AI score 7 | EPSS 0.16523
Exploits: 2 | References: 4
Microsoft CVE
added 2020/01/14 8:0 a.m. | 43 views

Hyper-V Denial of Service Vulnerability

A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as ...

CVSS 6 | AI score 3.5 | EPSS 0.01316
Exploits: 0
Prion
added 2019/12/26 9:15 p.m. | 16 views

Information disclosure

An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker cou...

CVSS 5 | AI score 6.4 | EPSS 0.04512
Exploits: 1 | References: 7 | Affected Software: 1
CVE
added 2019/12/26 8:46 p.m. | 113 views

CVE-2012-4420

CVE-2012-4420 affects the JVM implementation of Java SE 7 provided by OpenJDK 7, where integer arrays could be incorrectly initialized after memory allocation, allowing a remote attacker to disclose potentially sensitive information. The connected sources confirm this information disclosure in th...

CVSS 7.5 | AI score 6.8 | EPSS 0.04512
Exploits: 1 | References: 7 | Affected Software: 1
RedHat Linux
added 2019/12/17 12:0 p.m. | 6 views

Kernel: KVM: OOB memory access via mmio ring buffer

An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space...

CVSS 8.8 | AI score 7.2 | EPSS 0.00763
Exploits: 0 | References: 4
OSV
added 2019/12/11 6:16 p.m. | 1 views

ALPINE-CVE-2019-19583

An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260 for background on the MovSS shadow. Please see XSA-156 for background on the need for DB...

CVSS 7.5 | AI score 6.8 | EPSS 0.02155
Exploits: 0 | References: 1
BDU FSTEC
added 2019/12/10 12:0 a.m. | 3 views

The vulnerability of VMnetDHCP hypervisors in VMware Workstation and VMware Fusion allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of VMnetDHCP hypervisors in VMware Workstation and VMware Fusion lies in the lack of protection for service-related data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 7.7 | AI score 7.2 | EPSS 0.01152
Exploits: 0 | References: 2 | Affected Software: 2