4438 matches found
UBUNTU-CVE-2015-8744
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS...
IBM B2B Advanced Communications Information Disclosure Vulnerability
IBM B2B Advanced Communication is a communication gateway product from IBM USA. An information disclosure vulnerability exists in IBM B2B Advanced Communications versions 1.0.0.2 and 1.0.0.3. An attacker can exploit the vulnerability to obtain sensitive information in error response messages with...
[SECURITY] Fedora 23 Update: mono-4.0.5-2.fc23
The Mono runtime implements a JIT engine for the ECMA CLI virtual machine as well as a byte code interpreter, the class loader, the garbage collector, threading system and metadata access libraries...
Stop Error "0x0000005D" or "0x000000C4" Appears When Installing Windows Server 2012 in XenServer 6.x
Stop Error "0x0000005D" or "0x000000C4" appears when starting a Virtual Machine from the Windows Server 2012 ISO, in order to install the system. The error occurs right after loading the setup files, before the actual setup starts...
QEMU heap buffer overflow vulnerability (CNVD-2015-08495)
QEMU is a processor emulation software suite. QEMU suffers from a buffer overflow vulnerability that allows an attacker to corrupt a virtual machine image and conduct a denial of service attack...
Xen 'hvm/irq.c' Denial of Service Vulnerability
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A denial of service vulnerability...
Damn Vulnerable Node Application: DVNA
Damn Vulnerable Node Application (DVNA) is a node.js web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid...
Xen Denial of Service Vulnerability (CNVD-2015-08402)
Xen is an open source virtual machine monitor product developed at the University of Cambridge in the United Kingdom. Xen has a security vulnerability that allows an attacker to exploit the vulnerability to crash the host with virtual machine administrator privileges to conduct a denial of servic...
Ubuntu: Security Advisory (USN-2840-1)
The remote host is missing an update for the...
Update Rollup 9 for Microsoft Azure Site Recovery Provider
Describes Update Rollup 8 for Microsoft Azure Site Recovery Provider. Includes a summary of the issues that this rollup fixes. Introduction: This article describes the fixes that are included in Update Rollup 9 (version 5.1.1300) for Microsoft Azure Site Recovery Provider. Learn about the details of t...
RHEV: vdsm spice disable-ticketing and VM suspend and restore allows auth bypass
VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0, as packaged in Red Hat Enterprise Virtualization before 3.5.6, when VDSM is run with -spice disable-ticketing and a VM is suspended and then restored, allows...
UBUNTU-CVE-2015-8104
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c...
USN-2806-1 linux-lts-vivid vulnerability
Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS...
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerability (USN-2805-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2805-1 advisory. Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtu...
Failed to Create New Virtual Machine Using XenDesktop Setup Wizard
Failed to create new virtual machine using XenDesktop setup wizard. The following error message is displayed: "Unable to access the virtual machine configuration: Unable to access file FILEPATH/FILENAME.vmtx"...
The vulnerability of the Oracle Database database management system allows a hacker to trigger a service failure.
The vulnerability of the Java VM component of the Oracle Database management system is related to errors in the code. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the Oracle Database database management system allows a hacker to execute arbitrary code with administrator privileges.
The vulnerability of the Java VM component of the Oracle Database management system is related to errors in the code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with administrator privileges remotely...
Xen Denial of Service Vulnerability (CNVD-2015-07245)
Xen is an open source virtual machine monitor product developed at the University of Cambridge in the United Kingdom. A security vulnerability exists in the 'libxl__build_post' function in the tools/libxl/libxl_dom.c file and in the 'libxl_set_memory_target' function, due to a security flaw in the...
Xen elevation of privilege vulnerability (CNVD-2015-07060)
Xen is an open source virtual machine that is the foundation for virtualizing cloud computing. An elevation of privilege vulnerability exists in versions prior to Xen 3.4. An attacker can elevate privileges to take control of the entire system, leading to the escape of a virtual machine and posin...
jdk7-openjdk: multiple issues
CVE-2015-4734 (information disclosure): It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...