PT-2019-3034 · Microsoft · Hyper-V +1

Name of the Vulnerable Software and Affected Versions: Microsoft Hyper-V affected versions not specified Description: A denial of service issue exists due to improper input validation from a privileged user on a guest operating system, allowing an attacker to cause the host server to crash by...

Fedora Update for libslirp FEDORA-2019-77bafc4454

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 30 Update: libslirp-4.0.0-2.fc30

A general purpose TCP-IP emulator used by virtual machine hypervisors to provide virtual networking services...

Commando VM v2.0 - The First Full Windows-based Penetration Testing Virtual Machine Distribution

Welcome to CommandoVM - a fully customizable, Windows-based security distribution for penetration testing and red teaming. For detailed install instructions or more information please see our blog Installation Install Script Requirements Windows 7 Service Pack 1 or Windows 10 60 GB Hard Drive 2 G...

CVE-2019-1946

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementatio...

CVE-2019-1946

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementatio...

Authentication flaw

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementatio...

CVE-2019-1946 Cisco Enterprise NFV Infrastructure Software Web-Based Management Interface Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface. The vulnerability is due to an incorrect implementatio...

Cisco Enterprise NFV Infrastructure Software Web Management Interface Authentication Bypass Vulnerability

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. An authentication bypass vulnerability exists in the web-based management...

Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V

Remember the Reverse RDP Attack? Earlier this year, researchers disclosed clipboard hijacking and path-traversal issues in Microsoft's Windows built-in RDP client that could allow a malicious RDP server to compromise a client computer, reversely. You can find details and a video demonstration for...

Moderate: Red Hat Security Advisory: spice-gtk security and bug fix update

An update for spice-gtk, libgovirt, spice-vdagent, and virt-viewer is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

CVE-2019-14416

An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality...

CVE-2019-14417

An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality...

CVE-2019-14418

An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existi...

CVE-2019-14416

An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality...

Command injection

An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality...

Command injection

An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality...

PT-2019-13685 · Veritas · Veritas Resiliency Platform

Name of the Vulnerable Software and Affected Versions: Veritas Resiliency Platform versions prior to 3.4 HF1 Description: An issue allows a malicious user to execute commands with root privilege within the virtual machine, related to resiliency plans and custom script functionality...

CVE-2019-2749

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multipl...

Cisco FindIT Network Manager Static Credentials Vulnerability

Cisco FindIT Network Manager is a network management tool for deploying and maintaining Cisco 100 to 500 series switches, routers, and wireless access points. A static credentials vulnerability exists in the virtual machine VM image of Cisco FindIT Network Manager 1.1.4. The vulnerability stems...