CVE-2017-8158
FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit...
Memory corruption
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This...
CVE-2017-12190
CVE-2017-12190 affects the Linux kernel before 4.13.8. The issue arises in the SCSI I/O path where bio_map_user_iov and bio_unmap_user perform unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one,...
USN-3488-1 linux-azure vulnerability
It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS...
Cisco Umbrella Insights Virtual Appliances Local Elevation of Privilege Vulnerability
Cisco Umbrella Insights Virtual Appliances is a cloud-based secure Internet gateway appliance from Cisco USA. A local elevation of privilege vulnerability exists in Cisco Umbrella Insights Virtual Appliances version 2.1.0 and earlier, which stems from the program's use of default static user...
The vulnerability of the class verifier in the IBM J9 VM allows a hacker to disable the security controller and increase their privileges.
The vulnerability of the class verifier in the IBM J9 VM is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to disable the security controller and gain increased privileges...
USN-3468-2 linux-hwe vulnerabilities
USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs...
Update Rollup 3 for System Center 2016 Virtual Machine Manager
Introduction: This article describes the issues that are fixed in Update Rollup 3 for Microsoft System Center 2016 Virtual Machine Manager. There are two updates available for Virtual Machine Manager, one for the Virtual Machine Manage...
Update Rollup 13 for System Center 2012 R2 Virtual Machine Manager
Introduction: This article describes the issues that are fixed in Update Rollup 13 for Microsoft System Center 2012 R2 Virtual Machine Manager. There are two updates available for Virtual Machine Manager, one for the Virtual Machin...
Update Rollup 4 for System Center 2016 Virtual Machine Manager
Introduction: This article describes the issues that are fixed in Update Rollup 4 for Microsoft System Center 2016 Virtual Machine Manager. There are three updates that are available for Virtual Machine Manager, one for the Virtual...
CVE-2017-10190
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Jav...
Unspecified Vulnerability in Oracle Database Server (CNVD-2017-30893)
Oracle Database Server is an object-relational database management system that provides an open, comprehensive, and integrated approach to information management. An unspecified vulnerability exists in the Java VM component of Oracle Database Server, which could be exploited by an attacker to...
PT-2017-12394 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13.8 Description: The issue is related to unbalanced refcounting in the Linux kernel when handling SCSI I/O vectors with small consecutive buffers belonging to the same page. This occurs because the bio add pc...
Joyent SmartOS Hyprlofs FS IOCTL Native File System Integer Overflow Privilege Escalation Vulnerability (CVE-2016-8733)
Summary: An exploitable integer overflow exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel...
Storefront 3.7 - Needs To Have Friendly Name Show Up Instead Of Delivery Group.
When he opens the Storefront it will give him the Delivery Group Name but he needs the VM name to show up...
Linux kernel KVM subsystem input validation vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the U.S. KVM (Kernel-based Virtual Machine) is a virtualization infrastructure used in it. A security vulnerability exists in the KVM subsystem in Linux kernel 4.13.3 and earlier versions. A local...
DEBIAN-CVE-2017-12168
The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR)...
rVMI: Perform Full System Analysis with Ease
Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered through this process is often crucial in gaining a full understanding of a sample. When...