4438 matches found
rVMI: Perform Full System Analysis with Ease
Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered through this process is often crucial in gaining a full understanding of a sample. When...
Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1304 We have discovered that the win32k!NtGdiDoBanding system call discloses portions of uninitialized kernel stack memory to user-mode clients. More specifically, exactly 8 bytes of uninitialized kernel stack memory are copied t...
Xen 'mm.c' Remote Elevation of Privilege Vulnerability
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in X...
Provisioning services 7.x vdisk Imaging Procedure
To perform imaging sometimes after performing reverse imaging to create a new vDisk from a virtual machine on any residing hypervisor...
UBUNTU-CVE-2017-14317
A domain cleanup issue was discovered in the C xenstore daemon aka cxenstored in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it including domain...
DEBIAN-CVE-2017-14317
A domain cleanup issue was discovered in the C xenstore daemon aka cxenstored in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it including domain...
Design/Logic Flaw
Blue Coat Malware Analysis Appliance MAA before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service host reboot or reset to factory defaults, or execute arbitrary code via vector...
CVE-2015-4523
Blue Coat Malware Analysis Appliance MAA before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service host reboot or reset to factory defaults, or execute arbitrary code via vector...
Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform
Lab for Java Deserialization Vulnerabilities This content is...
SDX -Memory Showing Less Than Expected on GUI
Memory is showing as 32 GB instead of the expected 48 GB on SVM GUI...
Important: Red Hat Security Advisory: rh-maven33-groovy security update
An update for rh-maven33-groovy is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
NetApp Clustered Data ONTAP Information Disclosure Vulnerability (CNVD-2017-24378)
NetApp Clustered Data ONTAP is a set of storage operating system for clustered mode from American NetApp. The system supports users to enhance the performance of enterprise applications and improve data center flexibility and so on. An information disclosure vulnerability exists in NetApp Cluster...
CentOS 7 : groovy (CESA-2017:2486)
An update for groovy is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
How To Add Additional Storage to an Existing SD-WAN Center VM
The objective of this article is to provide assistance on how to add some additional storage from what was initially configured during the initial import of a NetScaler SD-WAN Center VM...
Udp2raw-tunnel - A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket [Bypass UDP FireWalls]
A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls or Unstable UDP Environment. Its Encrypted, Anti-Replay and Multiplexed.It also acts as a Connection Stabilizer. Support Platforms A Linux host including desktop Linux, Android...
[SECURITY] Fedora 25 Update: groovy18-1.8.9-28.fc25
Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java byte-code so you can use it anywhere you c...
[SECURITY] Fedora 26 Update: groovy18-1.8.9-28.fc26
Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java byte-code so you can use it anywhere you c...
Xen Information Disclosure Vulnerability (CNVD-2017-28630)
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. There is a security vulnerability in...
PYSEC-2017-145
OpenStack Compute nova Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for...
Mystery Company Offers $250,000 Bounty for VM Escape Vulnerabilities
An unnamed company will start an eight-week, invite-only bug bounty program in September that offers a $250,000 payout for virtual-machine escape vulnerabilities tied to an unreleased product. Bugcrowd announced the program today, and said the high-priced bounty is the largest advertised bounty o...