4438 matches found
CVE-2010-2938
arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these...
DEBIAN-CVE-2010-2938
arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these...
Design/Logic Flaw
arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS fields without verifying hardware support for these...
Debian DSA-2101-1 : wireshark - several vulnerabilities
Several implementation errors in the dissector of the Wireshark network traffic analyzer for the ASN.1 BER protocol and in the SigComp Universal Decompressor Virtual Machine may lead to the execution of arbitrary code.
kmod, kvm security update
CentOS Errata and Security Advisory CESA-2010:0627 Updated kvm packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...
kvm: vmx null pointer dereference
The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation...
CVE-2010-2239
Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors...
wireshark: SigComp UDVM dissector buffer overruns
Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors...
Mandriva Linux Security Advisory : wireshark (MDVSA-2010:113)
This advisory updates wireshark to the latest versions, fixing several security issues: The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors (CVE-2010-2283). Buffer overflow i...
VMware Virtual Machine detection (dmidecode)
According to the DMI information, the remote host is a VMware virtual machine. Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.
VirtualBox Virtual Machine detection (dmidecode)
According to the DMI information, the remote host is a VirtualBox virtual machine. Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.
VirtualPC Virtual Machine detection (dmidecode)
According to the DMI information, the remote host is a VirtualPC virtual machine. Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.
New Linux OS REMnux Designed For Reverse Engineering Malware
A security expert has released a stripped-down Ubuntu distribution designed specifically for reverse-engineering malware. The OS, called REMnux, includes a slew of popular malware-analysis, network monitoring and memory forensics tools that comprise a very powerful environment for taking apart...
flash-plugin: Arbitrary code execution by opening a specially-crafted PDF file with malicious SWF content (APSA10-01)
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SW...
ZDI-10-114: Adobe Flash Player AVM2 getouterscope Opcode Remote Code Execution Vulnerability
ZDI-10-114: Adobe Flash Player AVM2 getouterscope Opcode Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-114 June 25, 2010 -- CVE ID: CVE-2010-2160 -- Affected Vendors: Adobe -- Affected Products: Adobe Flash Player -- TippingPointTM IPS Customer Protection:...
Adobe Flash Player AVM2 getouterscope Opcode Remote Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required in that a target must visit a malicious web page. The specific vulnerability exists within the parsing of an undocumented opcode within Adobe's ActionScrip...
vdsm: missing VM post-zeroing after removal
Previously, the ISO image domain could not be shared with multiple Data Centers. The user had to define an independent ISO domain for each Data Center. With this update, the ISO image domain can be shared between multiple Data Centers...
CVE-2010-2160
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, relat...
Memory corruption
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, relat...
CVE-2010-2160
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, relat...