LoudMiner Cryptominer Uses Linux Image and Virtual Machines

An unusual cryptocurrency miner, dubbed LoudMiner, is spreading via pirated copies of Virtual Studio Technology. It uses virtualization software to mine Monero on a Tiny Core Linux virtual machine – a unique approach, according to researchers. Virtual Studio Technology VST is an audio plug-in...

Vmware Workstation Privilege Permission and Access Control Vulnerability (CNVD-2019-07559)

VMware Workstation is a set of virtual machine software from VMware. The software provides the ability to run multiple virtual machines with different operating systems at the same time. An elevation of privilege vulnerability exists in Vmware Workstation versions 15.x and 14.x. An attacker could...

Oracle VM VirtualBox Access Control Error Vulnerability (CNVD-2019-27293)

Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The solution is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center.VM VirtualBox is one of the virtual...

CVE-2016-2074

creationtimestamp| type| source ---|---|--- 2018-12-31 06:47:32+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuuksia-citrix-xenserver-virtualisointiohjelmistossa...

CVE-2018-7540

creationtimestamp| type| source ---|---|--- 2018-12-31 06:47:32+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuuksia-citrix-xenserver-virtualisointiohjelmistossa...

DEBIAN-CVE-2018-16847

An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvmecmbops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU...

Web Testing Framework Samurai

The Samurai Web Testing Framework is a virtual machine, supported on VirtualBox and VMWare, that has been pre-configured to function as a web pen-testing environment. The VM contains the best of the open source and free tools that focus on testing and attacking websites. In developing this...

ThreatList: Virtualization-related Bug Reports Jump 275 Percent in 2018

Zero Day Initiative said Monday that so far in 2018, it has published 600 advisories – up 33 percent from the 451 published in 2017, which was previously its “busiest year ever.” “Interestingly, we had fewer advisories released as 0-day this year,” the company said in its mid-year report on...

How to clone a XenMobile over Hyper - V 2016?

Clone a XenMobile node over Hyper - V 2016...

The vulnerability of VMware Player allows users of the guest operating system to execute code on the host operating system.

The vulnerability of the TPInt.dll library in VMware Player’s hypervisor is related to resource management errors. Exploiting this vulnerability allows users of the guest operating system to execute code on the host operating system...

CVE-2016-0495

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core...

UBUNTU-CVE-2015-7504

Heap-based buffer overflow in the pcnetreceive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service instance crash or possibly execute arbitrary code via a series of packets in loopback mode...

UBUNTU-CVE-2015-7295

hw/virtio/virtio.c in the Virtual Network Device virtio-net support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service guest network consumption via a flood of jumbo frames on the 1 tuntap or 2 macvtap interface...

Unspecified Vulnerability in Oracle Virtualization VirtualBox (CNVD-2015-06962)

Oracle Virtualization VirtualBox is an open source virtual machine software from Oracle. An unspecified vulnerability exists in Oracle Virtualization VirtualBox versions prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, 5.0.8. Allows remote attackers to affect availability via unspecified vectors with...

Record-Breaking Deal: Dell to Buy EMC for $67 Billion

Yes, Dell is going to acquire data storage company EMC in a deal worth $67 BILLLLLLION – the largest tech deal of all time. It's record-breaking... Computing giant Dell on Monday finally confirmed that the company is indeed going to purchase the company for creating what it calls "the world’s...

Oracle Patches Java Zero Day

Oracle has released its quarterly patch update, which includes fixes for nearly 200 vulnerabilities. The most notable bug fixed in this release is the Java zero day that’s been used in an ongoing attack campaign. The massive release from Oracle has patches for a long list of products, but the Jav...

VMS users please note:Venom vulnerability than Heartbleed also risk-vulnerability warning-the black bar safety net

Data centers are mostly using the host system management program host hypervisior to isolate a single server to run multiple virtual machine instances, but this is the underlying structure, it is found that the presence of the 1 0 years of“virtual environments neglected of business operation”in t...

Several Factors Mitigate VENOM's Utility for Attackers

The divisive VENOM vulnerability—marketing logo and all—has been good for three solid days of debate and angst over its severity, ease of exploitation and risks. The first public proof-of-concept exploit, however, may aid in calming some of the anxiety around the bug, which is proving difficult t...

openSUSE Security Update : xen (openSUSE-2015-113)

The virtualization software XEN was updated to version 4.3.3 and also to fix bugs and security issues. Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113:...

Security update for xen (important)

The virtualization software XEN was updated to version 4.3.3 and also to fix bugs and security issues. Security issues fixed: CVE-2015-0361: XSA-116: xen: xen crash due to use after free on hvm guest teardown CVE-2014-9065, CVE-2014-9066: XSA-114: xen: p2m lock starvation CVE-2014-9030: XSA-113:...