Windows Hyper-V Denial of Service Vulnerability

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the...

VMware WorkStation 12.5.5 - Virtual Machine Escape

VMware WorkStation 12.5.5 - Virtual Machine Escape VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.5 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. Not quite elaborate...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

The VMware virtual machine escape patch analysis-vulnerability warning-the black bar safety net

One, Foreword A virtual machine refers to the installation in the normal host machineOSwithin a fully isolated clientoperating system. Virtual machine escape refers to the breakthrough of the virtual machine limit, with the host machineOSthe interaction of a process, an attacker can through a...

[SECURITY] Fedora 26 Update: open-vm-tools-10.1.5-5.fc26

The open-vm-tools project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve t he functionality, user experience and administration of VMware virtual machine s. This package contains only the core user-space programs and...

FLARE VM: The Windows Malware Analysis Distribution You’ve Always Needed!

As a reverse engineer on the FLARE Team I rely on a customized Virtual Machine VM to perform malware analysis. The Virtual Machine is a Windows installation with numerous tweaks and tools to aid my analysis. Unfortunately trying to maintain a custom VM like this is very laborious: tools frequentl...

Vmware virtual machine escape Vulnerability CVE-2017-4901）Exploit code analysis and use-vulnerability and early warning-the black bar safety net

0×01 event analysis 2017 7 on 19 unamer in its github released a for Vmware virtual machine escape exploit source code, using C++. The alleged impact of Vmware Workstation 12.5.5 the previous version, and gives a demonstration of the process, to achieve a from the virtual machine to the host...

Virtual Machine Automation (vm-automation) repository released

Rapid7 just released a new public repo called vm-automation. The vm-automation repository is a Python library that encapsulates existing methodologies for virtual machine and hypervisor automation and provides a platform-agnostic Python API. Currently, only ESXi and VMWare workstation are...

Unspecified Vulnerability in Oracle Database Server (CNVD-2017-18569)

Oracle Database Server is an object-relational database management system. It provides an open, comprehensive, and integrated approach to information management. Oracle Database Server versions 11.2.0.4, 12.1.0.2, 12.2.0.1 contain a security vulnerability in the OJVM implementation that can be...

Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0086)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Virtuozzo 6 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0036)

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Product update: Virtuozzo Automator 7.0 Update 2 Hotfix 2 (VA MN: 7.0.2-403, VA Agent: 7.0.2-189)

This hotfix for Virtuozzo Automator 7.0.2 provides stability and usability bug fixes. Vulnerability id: PVA-37045 The Management Node did not recognize bonded network during VLAN creation. Vulnerability id: PVA-37041 Could not create virtual network for a VLAN created by the Virtuozzo installer...

Failed to Start a VM Error : The SR Failed to Complete the Operation

The SR failed to complete the operation...

Kernel: Kvm: vmx/svm potential privilege escalation inside guest

Linux kernel built with the Kernel-based Virtual Machine CONFIGKVM support was vulnerable to an incorrect segment selectorSS value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resultin...

Xen 'xen/arch/x86/irq.c' Denial of Service Vulnerability

Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has a denial of service...

GLSA-201706-21 : nettle: Information disclosure

The remote host is affected by the vulnerability described in GLSA-201706-21 nettle: Information disclosure It was found that nettles RSA and DSA decryption code was vulnerable to cache-related side channel attacks. See the referenced technical paper Cache Attacks Enable Bulk Key Recovery on the...

UBUNTU-CVE-2017-7518

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flagTF bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exceptionDB being raised in the guest stack. A user/process inside a guest could use this flaw to...

Important: Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Oracle Linux 7 : qemu-kvm (ELSA-2017-1430)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-1430 advisory. 1.5.3-126.el73.9 - kvm-spice-fix-spicechraddwatch-pre-condition.patch bz1452332 - Resolves: bz1452332 RHEL 7.2 based VM Virtual Machine hung for severa...