CVE-2014-1439

The CVE-2014-1439 entry concerns HHVM (HipHop Virtual Machine for PHP). The libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp does not properly disable a certain libxml handler, enabling XML External Entity (XXE) attacks. Affected versions are HHVM before 2.4.0 and 2.3.x befo...

Adobe Flash Player Jump Opcode Information Leak Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling ...

A10 Networks AX Loadbalancer Directory Traversal

This module exploits a directory traversal flaw found in A10 Networks Soft AX Loadbalancer version 2.6.1-GR1-P5/2.7.0 or less. When handling a file download request, the xml/downloads class fails to properly check the 'filename' parameter, which can be abused to read any file outside the virtual...

[Windbgshark] Windbg extension for VM traffic manipulation and analysis

This project includes an extension for the windbg debugger as well as a driver code, which allow you to manipulate the virtual machine network traffic and to integrate the wireshark protocol analyzer with the windbg commands. The motivation of this work came from the intention to find a handy...

Important: Red Hat Security Advisory: rhev-hypervisor6 security update

An updated rhev-hypervisor6 package that fixes multiple security issues is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for eac...

OpenJDK: JVM method processing issues (Libraries, 8029507)

Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented...

OpenJDK: JVM method processing issues (Libraries, 8029507)

Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented...

PYSEC-2014-97

Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...

PrisonLocker Ransomware Emerges From Criminal Underground

Security researchers from Malware Must Die uncovered new ransomware called PrisonLocker, and said the malware author is either a legitimate security researcher or is posing as one via a personal blog and Twitter handle. Malware Must Die has monitored PrisonLocker’s development since spotting it f...

ESXi 5.1 < Build 1312873 File Descriptors Privilege Escalation (remote check)

The remote VMware ESXi 5.1 host is affected by an error in the handling of certain Virtual Machine file descriptors. This could allow an unprivileged user with the 'Add Existing Disk' privilege to obtain read and write access to arbitrary files, possibly leading to arbitrary code execution after ...

VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX (remote check)

VMware ESXi and ESX unauthorized file access through vCenter Server and ESX OpenVAS Vulnerability Test $Id: gbVMSA-2013-0016remote.nasl 6074 2017-05-05 09:03:14Z teissa $ VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX remote check Authors: Michael Meyer...

VMware ESXi/ESX unauthorized file access through vCenter Server and ESX (VMSA-2013-0016) - Remote Version Check

VMware ESXi and ESX unauthorized file access through vCenter Server and ESX. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

JVN#13154935: VMware ESX and ESXi may allow access to arbitrary files

VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files. Impact Users that have privileges to execute "Add New Disk" or "Add Existing Disk" in vCenter Server may obtain read and write access to arbitra...

DEBIAN-CVE-2013-4587

Array index error in the kvmvmioctlcreatevcpu function in virt/kvm/kvmmain.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value...

DEBIAN-CVE-2013-6376

The recalculateapicmap function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service host OS crash via a crafted ICR write operation in x2apic mode...

kvm: cross page vapic_addr access

The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service system crash via a VAPIC synchronization operation involving a page-end address...

Important: Red Hat Security Advisory: qemu-kvm-rhev, qemu-kvm-rhev-tools, qemu-img-rhev security and bug fix update

Updated qemu-kvm-rhev, qemu-kvm-rhev-tools, and qemu-img-rhev packages are now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from...

RedHat Update for qemu-kvm RHSA-2013:1553-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:267)

Updated java-1.7.0-openjdk packages fix security vulnerabilities : Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-235)

Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine...