77 matches found
EUVD-2020-21850
Malware in sbrugna...
EUVD-2011-2874
Malware in sbrugna...
EUVD-2016-3354
Malware in sbrugna...
EUVD-2015-4128
Malware in sbrugna...
EUVD-2020-21848
Malware in sbrugna...
EUVD-2013-1954
Malware in sbrugna...
XAPI UTF-8 string handling
ISSUE DESCRIPTION: There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of the...
Linux Distros Unpatched Vulnerability : CVE-2020-29480
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest...
CVE-2024-5661
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive...
SUSE CVE-2014-1642
The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly...
SUSE CVE-2016-9105
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object...
SUSE CVE-2020-29482
An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...
SUSE CVE-2020-29480
An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest...
VMware ESXi Race Condition Vulnerability
VMware ESXi is a server virtualization platform from VMware that can be installed directly on physical servers. A race condition vulnerability exists in VMware ESXi, which stems from a double fetch vulnerability in the product's UHCI USB controller. A remote user with...
Vulnerabilities fixed in Citrix Hypervisor
Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a malicious person with administrator privileges within the guest VM to cause a denial-of-service on the host and execute arbitrary code. Citrix has released updates to fix the vulnerabilities. More information ca...
SUSE: Security Advisory (SUSE-SU-2018:2410-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2018:2410-2)
The remote host is missing an update for the...
Linux: special config may crash when trying to map foreign pages
ISSUE DESCRIPTION: With CONFIG_XEN_BALLOON_MEMORY_HOTPLUG disabled and CONFIG_XEN_UNPOPULATED_ALLOC enabled the Linux kernel will use guest physical addresses allocated via the ZONE_DEVICE functionality for mapping foreign guest's pages. This will result in problems, as the p2m list will only cover the...
Vulnerabilities fixed in Citrix Hypervisor
Vulnerabilities have been fixed in the Citrix Hypervisor. The vulnerabilities allow a malicious person with administrator privileges within the guest VM to cause a denial-of-service on the host. Citrix has released updates to fix the vulnerabilities. More information can be found on the page belo...
Xen xenstore watch notification Information Disclosure (XSA-115)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an information disclosure vulnerability due to a lack of permission checks for xenstore watch event reporting. A guest administrator can watch the root xenstored node, which will cause...