Xen Project HLE Transaction 'XACQUIRE' DoS (XSA-282)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a guest-to-host denial of service vulnerability. Only Intel based x86 systems are affected. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did...
kernel: Privilege escalation on arm64 via KVM hypervisor
A vulnerability was discovered in the Linux kernel that allows an attacker to escalate privileges on systems using a 64-bit ARM architecture. A local attacker with permission to create KVM-based virtual machines can both panic the hypervisor by triggering an illegal exception return resulting in a DoS...
Important: Red Hat Security Advisory: kernel-alt security and bug fix update
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
[SECURITY] Fedora 27 Update: xen-4.9.3-3.fc27
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
[SECURITY] Fedora 29 Update: xen-4.11.0-10.fc29
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
VirtualBox E1000 0day: detailed analysis of the latest virtual machine escape vulnerability - vulnerability warning - the black bar safety net
Recently, Russian security researcher Sergey Zelenyuk released detailed information about a zero-day exploit for VirtualBox 5.2.20 and earlier versions. These versions can allow an attacker to escape the virtual machine and execute code in ring 3 on the host. Then, the attacker can take advantage of...
[SECURITY] Fedora 29 Update: xen-4.11.0-9.fc29
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Debian DLA-1577-1 : xen security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks or privilege escalation. For Debian 8 'Jessie', these problems have been fixed in version 4.4.4lts4-0+deb8u1. We recommend that you upgrade your xen packages. NOTE:...
[SECURITY] [DLA 1577-1] xen security update
Package : xen Version : 4.4.4lts4-0+deb8u1 CVE ID : CVE-2018-7540 CVE-2018-7541 CVE-2018-8897 CVE-2018-12891 CVE-2018-12893 CVE-2018-15469 CVE-2018-15470 Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks or privilege...
[SECURITY] Fedora 28 Update: xen-4.10.2-2.fc28
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
[SECURITY] Fedora 27 Update: xen-4.9.3-2.fc27
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2018-4270)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4270 advisory. - scsi: sg: mitigate read/write abuse Jann Horn Orabug: 28824731 CVE-2017-13168 - infiniband: fix a possible use-after-free bug Cong Wang Orabug:...
Oracle Linux 6 : spice-server (ELSA-2018-3522)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-3522 advisory. - Prevent potential buffer/integer overflows with invalid MonitorsConfig messages sent from an authenticated client Resolves: CVE-2017-7506 Tenable has extracte...
Amazon Linux 2 : kernel (ALAS-2018-1100)
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task. CVE-2018-17972 A...
Amazon Linux AMI : kernel (ALAS-2018-1100)
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task. CVE-2018-17972 A...
[SECURITY] Fedora 29 Update: xen-4.11.0-8.fc29
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
F5 Networks BIG-IP : Side-channel processor vulnerabilities (K91229003)
The following three side-channel attacks were publicly disclosed on January 3, 2018 : CVE-2017-5715 Spectre-BTB previously known as Spectre Variant 2 Branch target injection Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosu...
CVE-2018-18883
An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted...
macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-005)
The remote host is running Mac OS X 10.12.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities affecting the following components : - afpserver - AppleGraphicsControl - APR - ATS - CFNetwork - CoreAnimation - CoreCrypto - CoreFoundation - CUPS - Dictionary -...
Debian DLA-1559-1 : xen security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, information leaks or privilege escalation. For Debian 8 'Jessie', these problems have been fixed in version 4.4.4lts3-0+deb8u1. We recommend that you upgrade your xen packages. NOTE:...