5613 matches found
CVE-2016-8442
Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. QC-CR1038173...
[SECURITY] Fedora 24 Update: xen-4.6.4-5.fc24
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Xen: Multiple vulnerabilities
Background: Xen is a bare-metal hypervisor. Description: Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact: A local attacker could possibly execute arbitrary code with the privileges of the process, could gain privileges on t...
CVE-2016-7463
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM...
CVE-2016-7463
The CVE-2016-7463 issue affects VMware ESXi (Host Client) on vSphere Hypervisor 5.5 and 6.0. The vulnerability is a stored cross-site scripting (XSS) flaw caused by improper validation of user-supplied input, exploitable by an authenticated, remote attacker who can import a specially crafted VM t...
[SECURITY] Fedora 25 Update: xen-4.7.1-6.fc25
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
[SECURITY] Fedora 24 Update: xen-4.6.4-4.fc24
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Xen Denial of Service Vulnerability (CNVD-2016-12994)
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A denial of service vulnerability...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2016:3208-1)
This update for xen fixes the following issues: - A mishandling of SYSCALL singlestep during emulation which could have led to privilege escalation (XSA-204, bsc1016340, CVE-2016-10013). - CMPXCHG8B emulation failed to ignore operand size override which could have led to information disclosure...
CVE-2016-10025
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check...
SUSE-SU-2016:3208-1 Security update for xen
This update for xen fixes the following issues: - A mishandling of SYSCALL singlestep during emulation which could have led to privilege escalation (XSA-204, bsc1016340, CVE-2016-10013). - CMPXCHG8B emulation failed to ignore operand size override which could have led to information disclosure...
x86: missing NULL pointer check in VMFUNC emulation
ISSUE DESCRIPTION: When support for the Intel VMX VMFUNC leaf 0 was added, a new optional function pointer hvmemulvmfunc was added to the hvmemulateops table. As is intended, that new function pointer is NULL on non-VMX hardware, including AMD SVM hardware. However at a call site, the necessary NU...
Xen: qemu ioport out-of-bounds array access (XSA-199)
An out-of-bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if a guest was to supply a 32-bit address parameter. A privileged guest user/process could use this flaw to potentially...
VMware Releases Security Update
VMware has released a security update to address a vulnerability in vSphere Hypervisor ESXi. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2016-0023 and...
Xen elevation of privilege vulnerability (CNVD-2016-12848)
Xen is an open source virtual machine monitor product developed by the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen suffers from an elevation of...
kernel security and bug fix update
kernel - 2.6.18-417.0.0.0.1 - netfront fix ring buffer index go back led vif stop orabug 18272251 - net fix tcptrimhead James Li orabug 14512145, 19219078 - ocfs2: dlm: fix recovery hung Junxiao Bi orabug 13956772 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add...
[SECURITY] Fedora 25 Update: xen-4.7.1-5.fc25
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
[SECURITY] Fedora 23 Update: xen-4.5.5-5.fc23
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
CVE-2016-9034
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer overflow in th...