How to Collect XenServer Guest VM Operation Log

This article explains how to collect XenServer guest vm operation log...

The vulnerability of the management tool for virtual infrastructure, VMware vCenter Server, related to the ability to bypass authentication procedures, allows attackers to trigger a service failure.

The vulnerability of the VMware vCenter Server virtualization infrastructure management tool is related to the bypassing of authentication procedures. Exploiting this vulnerability allows an attacker, operating remotely, to cause service failures by sending specially crafted ARP packets during th...

Facebook HHVM Buffer Overflow Vulnerability (CNVD-2019-02528)

Facebook HHVM aka HipHop Virtual Machine is a virtual machine from Facebook that significantly improves the performance of loading dynamic pages in PHP. A buffer overflow vulnerability exists in the 'numberformat' function in Facebook HHVM versions 3.30.1 and earlier and 3.27.5 and earlier, which...

Oracle VM VirtualBox Access Control Error Vulnerability (CNVD-2019-27278)

Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The solution is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center.VM VirtualBox is one of the virtual...

Unspecified Vulnerability in Oracle Database Server Java VM (CNVD-2019-27100)

Oracle Database Server is the United States Oracle Oracle company's set of relational database management system. Java VM is one of the Java virtual machine components. A security vulnerability exists in the Java VM component of Oracle Database Server. A remote attacker could exploit this...

Remote Code Execution (RCE)

python-rdomanager-oscplugin is vulnerable to remote code execution RCE attacks. The vulnerability exists as a design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on...

Arbitrary Code Execution

java-1.6.0-ibm is vulnerable to arbitrary code execution attacks. The vulnerability exists as a buffer overflow in the Java Virtual Machine JVM in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.4...

Remote Code Execution (RCE)

openjdk is vulnerable to remote code execution RCE. An integer overflow occurs when the 2D component processes malicious sample model instances, allowing a remote attacker to corrupt memory and execute arbitrary code with virtual machine privileges...

Arbitrary Code Execution

openjdk is vulnerable to arbitrary code execution attacks. The vulnerability exists as a format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute...

Hack Allows Escape of Play-with-Docker Containers

Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The proof-of-concept hack does not impact production Docker instances, according to CyberArk researchers that developed the...

Packabit project: building Nmap deb packages for Ubuntu

During the long New Year holidays 30 dec - 8 jan I started a new project: Vagrant-based Linux package builder called Packabit. I thought it might be nice to have scripts that will automatically build a Linux packages from sources and will NOT litter main system with unnecessary packages. Somethin...

Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever

Well, there's some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online ch...

DEBIAN-CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

Facebook HHVM Buffer Overflow Vulnerability

Facebook HHVM aka HipHop Virtual Machine is a virtual machine from Facebook that significantly improves the performance of loading dynamic pages in PHP. A stack out-of-bounds read vulnerability exists in the 'Memcache::getextendedstats' function in Facebook HHVM versions 3.30 and earlier and 3.27...

Facebook HHVM has an unspecified vulnerability

Facebook HHVM aka HipHop Virtual Machine is a virtual machine from Facebook that significantly improves the performance of loading dynamic pages in PHP. A security vulnerability exists in Facebook HHVM versions 3.25.1 and earlier, 3.24.5 and earlier, and 3.21.9 and earlier. Detailed vulnerability...

Facebook HHVM Denial of Service Vulnerability (CNVD-2019-37157)

Facebook HHVM aka HipHop Virtual Machine is a virtual machine from Facebook that significantly improves the performance of loading dynamic pages in PHP. A security vulnerability exists in Facebook HHVM versions 3.25.2 and earlier, 3.24.6 and earlier, and 3.21.10 and earlier, which stems from...

UBUNTU-CVE-2018-6340

The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM 3.30 and 3.27.4 and below...

UBUNTU-CVE-2018-6334

Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch 3.25.1, 3.24.5, and 3.21.9 and below...

UBUNTU-CVE-2018-6335

A Malformed h2 frame can cause 'std::outofrange' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM 3.25.2, 3.24.6, and 3.21.10 and below when using the proxygen server to handle HTTP2 requests...

Linux kernel KVM hypervisor memory misreference vulnerability

Linux kernel is the kernel used by the operating system Linux released by the Linux Foundation in the U.S. KVM hypervisor is one of the kernel-based virtual machines. A memory misreference vulnerability exists in the KVM hypervisor in the Linux kernel. An attacker could exploit this vulnerability...