5613 matches found

Zero Day Initiative
added 2019/04/17 12:00 a.m. | 17 views

Oracle VirtualBox crServerDispatchGetMaterialfv Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVSS: 6.5 | AI score: 2.5 | EPSS: 0.00533
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/04/17 12:00 a.m. | 18 views

Oracle VirtualBox crServerDispatchGetTexGeniv Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVSS: 6.5 | AI score: 1.9 | EPSS: 0.00533
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/04/17 12:00 a.m. | 16 views

Oracle VirtualBox crServerDispatchGetLightfv Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVSS: 6.5 | AI score: 1.5 | EPSS: 0.00533
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/04/17 12:00 a.m. | 25 views

Oracle VirtualBox crServerDispatchGetVertexAttribdvARB Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVSS: 6.5 | AI score: 2.4 | EPSS: 0.00533
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/04/17 12:00 a.m. | 33 views

(Pwn2Own) VMware Workstation UHCI Out-Of-Bounds Access Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing ...

CVSS: 7.8 | AI score: 3.9 | EPSS: 0.00792
Exploits: 0 | References: 1

OSV
added 2019/04/12 12:54 p.m. | 11 views

OPENSUSE-SU-2019:1199-1 Recommended update for xen

This update for xen fixes the following issues: Security issues fixed: - CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS) (XSA-282, bsc#1114988). - Fixed an issue where malicious PV guests may cause a host crash or gain...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00454
Exploits: 0 | References: 16

BDU FSTEC
added 2019/04/12 12:00 a.m. | 2 views

The vulnerability of Xen hypervisors arises from the unsafe combination of small IOMMUs with larger ones, allowing attackers to increase their privileges.

The vulnerability of Xen hypervisors relates to the insecure combination of small IOMMUs with larger ones. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00409
Exploits: 0 | References: 4 | Affected Software: 2

BDU FSTEC
added 2019/04/12 12:00 a.m. | 7 views

The vulnerability of Xen hypervisors arises from insufficient data processing during the transfer of an address to the TLB reset code, allowing a malicious actor to trigger a service failure.

The vulnerability of Xen hypervisors is related to an error in the address transfer during the TLB flush code. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS: 5.6 | AI score: 6.8 | EPSS: 0.00409
Exploits: 0 | References: 5 | Affected Software: 2

BDU FSTEC
added 2019/04/12 12:00 a.m. | 2 views

The vulnerability of the xen_failsafe_callback function in Xen hypervisors allows a malicious actor to trigger a service failure or increase their privileges.

The vulnerability of the xen_failsafe_callback function in Xen hypervisors is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker running on a guest OS to cause service failures or increase their privileges...

CVSS: 7.8 | AI score: 6.6 | EPSS: 0.00409
Exploits: 0 | References: 22 | Affected Software: 3

BDU FSTEC
added 2019/04/12 12:00 a.m. | 2 views

The vulnerability of Xen hypervisors, related to errors in clearing the Translation Lookaside Buffer (TLB), allows attackers to enhance their privileges.

The vulnerability of Xen hypervisors is related to an erroneous TLB write-after-IOMMU mapping. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00409
Exploits: 0 | References: 4 | Affected Software: 2

Tenable Nessus
added 2019/04/10 12:00 a.m. | 24 views

macOS < 10.14 Multiple Vulnerabilities

Binary data 700518.prm...

CVSS: 10 | AI score: 7.6 | EPSS: 0.60631
Exploits: 20 | References: 57

Tenable Nessus
added 2019/04/10 12:00 a.m. | 44 views

Mac OS X 10.10.x < 10.10.3 Multiple Vulnerabilities

Binary data 700510.prm...

CVSS: 10 | AI score: 6.4 | EPSS: 0.98685
Exploits: 59 | References: 82

OSV
added 2019/04/09 4:29 p.m. | 3 views

DEBIAN-CVE-2019-3887

A flaw was found in the way the KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested=1 virtualization enabled. In that, an L1 guest could access L0's APIC register values via an L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...

CVSS: 5.6 | AI score: 7.5 | EPSS: 0.00355
Exploits: 0 | References: 1

OSV
added 2019/04/09 4:29 p.m. | 3 views

CVE-2019-3887

A flaw was found in the way the KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested=1 virtualization enabled. In that, an L1 guest could access L0's APIC register values via an L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...

CVSS: 5.6 | AI score: 8.4 | EPSS: 0.00355
Exploits: 0 | References: 8

Prion
added 2019/04/09 4:29 p.m. | 17 views

Design/Logic Flaw

A flaw was found in the way the KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested=1 virtualization enabled. In that, an L1 guest could access L0's APIC register values via an L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...

CVSS: 4.7 | AI score: 5.3 | EPSS: 0.00355
Exploits: 0 | References: 8 | Affected Software: 11

UbuntuCve
added 2019/04/09 12:00 a.m. | 23 views

CVE-2019-3887

A flaw was found in the way the KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested=1 virtualization enabled. In that, an L1 guest could access L0's APIC register values via an L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...

CVSS: 6.7 | AI score: 6.8 | EPSS: 0.00355
Exploits: 0 | References: 5

CVE
added 2019/04/09 12:00 a.m. | 182 views

CVE-2019-3887

CVE-2019-3887 covers a KVM x2APIC MSR access flaw that can allow an L1 guest to read L0 APIC values via an L2 guest when nested virtualization is enabled, potentially crashing the host kernel (DoS). Affected: Linux kernel with nested=1 supporting x2APIC mode; cited in multiple Unity Linux/Nessus ad...

CVSS: 6.7 | AI score: 6 | EPSS: 0.00355
Exploits: 0 | References: 8 | Affected Software: 1

Debian CVE
added 2019/04/09 12:00 a.m. | 25 views

CVE-2019-3887

A flaw was found in the way the KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested=1 virtualization enabled. In that, an L1 guest could access L0's APIC register values via an L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash t...

CVSS: 6.7 | AI score: 6.5 | EPSS: 0.00355
Exploits: 0

OSV
added 2019/04/08 9:49 a.m. | 9 views

SUSE-SU-2019:0901-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.176 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes (bnc#1129179). - CVE-2019-9213: expand_downwards ...

CVSS: 8.1 | AI score: 8.6 | EPSS: 0.16523
Exploits: 12 | References: 119

Tenable Nessus
added 2019/04/04 12:00 a.m. | 30 views

EulerOS Virtualization 2.5.3 : kvm (EulerOS-SA-2019-1255)

According to the version of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating ...

CVSS: 8.1 | AI score: 6.6 | EPSS: 0.16523
Exploits: 2 | References: 2