4438 matches found

Prion
added 2015/07/02 9:59 p.m. · 19 views

Design/Logic Flaw

IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine...

CVSS 5 · AI score 6.4 · EPSS 0.04548
Exploits 0 · References 14 · Affected Software 1

CVE
added 2015/07/02 9:16 p.m. · 108 views

CVE-2015-0192

Technical details for CVE-2015-0192 are not provided in the connected documents. The initial description names IBM Java vulnerabilities but does not specify affected products, versions, vectors, or fixes in the supplied sources. Monitor for updates.

CVSS 9.8 · AI score 4.5 · EPSS 0.04542
Exploits 0 · References 13 · Affected Software 1

Vulnrichment
added 2015/07/02 9:16 p.m. · 2 views

CVE-2015-0192

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine...

AI score 5.8 · EPSS 0.04542
Exploits 0 · References 13

Symantec
added 2015/06/30 8:0 a.m. · 35 views

SA97 : Malware Analysis Appliance VM Escape

SUMMARY: The Malware Analysis Appliance (MAA) is vulnerable to a virtual machine escape where a sample being analyzed could change content and destination path of files being saved on the host's file system during analysis. Correct manipulation of the path and content could lead to code execution or...

CVSS 9 · AI score 1.8 · EPSS 0.04301
Exploits 0 · Affected Software 1

n0where
added 2015/06/24 8:14 p.m. · 202 views

Incident Response Malware Analysis: IRMA

Incident Response Malware Analysis: IRMA is an asynchronous and customizable analysis platform for suspicious files! IRMA intends to be an open-source platform designed to help identifying and analyzing malicious files. However, today’s defense is not only about learning about a file, but it is...

AI score 0.3
Exploits 0

n0where
added 2015/06/21 5:48 p.m. · 40 views

Web Security Dojo

Web Security Dojo is a preconfigured, stand-alone training environment for Web Application Security. Virtualbox and VMware versions are available for download. Dojo is an open source project intended to be used as a training environment, and shouldn’t be used as a pen-testing platform due to the...

AI score 1
Exploits 0

OSV
added 2015/06/15 3:59 p.m. · 2 views

DEBIAN-CVE-2015-4164

The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set...

CVSS 4.9 · AI score 8 · EPSS 0.00437
Exploits 0 · References 1

RedHat Linux
added 2015/06/11 1:21 p.m. · 1 view

JDK: unspecified Java sandbox restrictions bypass

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine...

CVSS 7.5 · AI score 5.8 · EPSS 0.04542
Exploits 0 · References 4

OpenVAS
added 2015/06/11 12:0 a.m. · 41 views

Ubuntu: Security Advisory (USN-2631-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.3 · AI score 6.7 · EPSS 0.10027
Exploits 6 · References 2

Tenable Nessus
added 2015/06/09 12:0 a.m. · 16 views

Hyper-V Virtual Machine Detection

Binary data hypervdetect.nbin...

AI score 7.3
Exploits 0 · References 2

OpenVAS
added 2015/06/09 12:0 a.m. · 19 views

CentOS Update for kmod-kvm CESA-2015:1003 centos5

Check the version of kmod-kvm SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) script_oid("1.3.6.1.4.1.25623.1.0.882193");...

CVSS 7.7 · AI score 7.2 · EPSS 0.15275
Exploits 1 · References 2

Huawei
added 2015/06/09 12:0 a.m. · 37 views

Security Advisory - VENOM Vulnerability in Huawei Products

Huawei has noticed the buffer overflow vulnerability in the floppy disk controller (FDC) of QEMU disclosed by open source organization Xen. This vulnerability allows an attacker to escape out of the virtual machine, execute code on the physical host with full privilege. Vulnerability ID:...

CVSS 7.7 · AI score 7.2 · EPSS 0.15275
Exploits 1 · Affected Software 2

CNVD
added 2015/06/09 12:0 a.m. · 1 view

Thermostat User Certificate Acquisition Vulnerability

Thermostat is a suite of monitoring instrumentation tools that support monitoring multiple JVM instances in OpenJDK HotSpot virtual machines. Thermostat failed to properly set web.xml file permissions, allowing a local attacker to obtain user credentials by reading the file...

CVSS 2.1 · AI score 6.6 · EPSS 0.00507
Exploits 1 · References 1

CNVD
added 2015/06/09 12:0 a.m. · 3 views

Virtio-win Denial of Service Vulnerability

virtio-win is a driver product for Windows systems. A denial of service vulnerability exists in virtio-win, which allows attackers to exploit the vulnerability to crash a virtual machine system...

CVSS 7.5 · AI score 6.7 · EPSS 0.01811
Exploits 0 · References 1

OpenVAS
added 2015/06/09 12:0 a.m. · 15 views

RedHat Update for qemu-kvm RHSA-2015:0998-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.7 · AI score 7.6 · EPSS 0.15275
Exploits 1 · References 2

OpenVAS
added 2015/06/09 12:0 a.m. · 60 views

CentOS Update for kernel CESA-2015:1042 centos5

Check the version of kernel SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) script_oid("1.3.6.1.4.1.25623.1.0.882189");...

CVSS 7.2 · AI score 6.9 · EPSS 0.01478
Exploits 3 · References 2

RedHat Linux
added 2015/06/04 8:8 a.m. · 1 view

thermostat: world-readable configuration file containing credentials

It was discovered that the Thermostat web application stored database authentication credentials in a world-readable configuration file. A local user on a system running the Thermostat web application could use this flaw to access and modify monitored JVM data, or perform actions on connected JVM...

CVSS 2.1 · AI score 5.8 · EPSS 0.00507
Exploits 1 · References 4

CNVD
added 2015/06/04 12:0 a.m. · 2 views

Xen Denial of Service Vulnerability (CNVD-2015-03572)

Xen is an open source virtual machine monitor. Xen versions 3.3.x-4.5.x fail to properly restrict access to the PCI MSI mask bit, which can be exploited by native x86 HVM clients to cause a denial of service (unexpected outage and host crash)...

CVSS 7.8 · AI score 6.5 · EPSS 0.03427
Exploits 0 · References 1

Positive Technologies
added 2015/06/03 12:0 a.m. · 2 views

PT-2015-1324 · Qemu +5

Name of the Vulnerable Software and Affected Versions: QEMU (affected versions not specified). Description: The issue is caused by a heap-based buffer overflow in the PCNET controller. Exploitation of this issue may allow a remote attacker to execute arbitrary code by sending a packet with TXSTATUS...

CVSS 9.3 · AI score 8.3 · EPSS 0.15275
Exploits 3 · References 247

OSV
added 2015/06/03 12:0 a.m. · 2 views

UBUNTU-CVE-2015-4106

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors...

CVSS 4.6 · AI score 7.3 · EPSS 0.00483
Exploits 0 · References 4