Lucene search
K

166 matches found

NVD
NVD
added 2019/06/19 4:15 p.m.29 views

CVE-2019-12491

OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud e.g. by renting one. From the sour...

8.5CVSS7AI score0.01533EPSS
Exploits0References2
Prion
Prion
added 2019/06/19 4:15 p.m.19 views

Command injection

OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud e.g. by renting one. From the sour...

8.5CVSS6.9AI score0.01533EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/06/19 3:42 p.m.108 views

CVE-2019-12491

CVE-2019-12491 affects OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196, allowing an attacker who controls a single server in a cloud to craft and trigger commands that execute with root privileges on a target server managed by OnApp for XEN/KVM hypervisors. The issue enables remote command executi...

8.5CVSS6.9AI score0.01533EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/06/19 3:42 p.m.25 views

CVE-2019-12491

OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud e.g. by renting one. From the sour...

7AI score0.01533EPSS
Exploits0References2
Hewlett-Packard
Hewlett-Packard
added 2019/05/14 12:0 a.m.60 views

HPSBHF03618 rev. 8 - Intel Microarchitectural Data Sampling Security Updates

Potential Security Impact Information Disclosure Source : HP, HP Product Security Response Team PSRT Reported By : Intel VULNERABILITY SUMMARY Potential security vulnerabilities in Intel CPUs may allow information disclosure. Researchers have referred to these vulnerabilities as ZombieLoad, RIDL,...

6.5CVSS0.9AI score0.01553EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/03/13 12:0 a.m.4 views

The vulnerability of Xen hypervisors relates to insufficient validation of input data, allowing attackers to trigger a service failure.

The vulnerability of Xen hypervisors is related to insufficient validation of input data. Exploiting this vulnerability can allow a attacker through a guest OS to cause service interruptions...

6.5CVSS6.7AI score0.00454EPSS
Exploits0References8Affected Software2
Tenable Nessus
Tenable Nessus
added 2019/02/11 12:0 a.m.93 views

CentOS 6 : spice-server (CESA-2019:0232)

An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.5CVSS7.1AI score0.01208EPSS
Exploits0References2
Veracode
Veracode
added 2019/01/15 8:54 a.m.22 views

Information Disclosure

virt-who is vulnerable to information disclosure. Excessive permissions on the /etc/sysconfig/virt-who file allows any local users to read the contents and retrieve confidential information such as the password for hypervisors...

2.1CVSS5.5AI score0.00385EPSS
Exploits0References24Affected Software1
Citrix
Citrix
added 2018/12/12 12:0 a.m.8 views

Supported Hypervisors for Citrix Virtual Apps and Desktops (MCS) and Citrix Provisioning (PVS)

Citrix is committed to ensuring that our products function with the latest partner hypervisor offering, such as Microsoft Azure, AWS, Google Cloud Platform, Nutanix Cloud Clusters on AWS, Nutanix Cloud Clusters on Azure, VMware Cloud on AWS, Azure VMware Solution, Google Cloud VMware Engine,...

6.6AI score
Exploits0
Kitploit
Kitploit
added 2018/10/09 12:47 p.m.95 views

Sandsifter - The X86 Processor Fuzzer

The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor's instruction set, and monitoring execution for anomalies. Sandsifter has uncovered secret processor instructions from every major vendor;...

7.7AI score
Exploits0References3
VMware
VMware
added 2018/10/07 12:0 a.m.503 views

VMSA-2018-0025:VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability

VMSA-2018-0025 VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability VMware Security Advisory VMware Security AdvisoryAdvisory ID: VMSA-2018-0025 VMware Security AdvisorySeverity: Important VMware Security AdvisorySynopsis: VMware ESXi, Workstation, and Fusion...

6.5CVSS6.7AI score0.00426EPSS
Exploits0References10Affected Software3
Tenable Nessus
Tenable Nessus
added 2018/09/27 12:0 a.m.88 views

RHEL 7 : kernel (RHSA-2018:2785)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2785 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A flaw named SegmentSmack was found in...

7.8CVSS6.5AI score0.7354EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2018/07/31 5:50 p.m.109 views

Important: Red Hat Security Advisory: rhvm-setup-plugins security, bug fix, and enhancement update

An update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.5CVSS7.2AI score0.60631EPSS
Exploits2References3
ThreatPost
ThreatPost
added 2018/05/29 7:50 p.m.11 views

SEVered Attack Extracts the Memory of AMD-Encrypted VMs

UPDATE Virtual machines that use AMD’s Secure Encrypted Virtualization SEV, a hardware-based encryption scheme, have been found to be vulnerable to the same malicious hypervisor attacks that can affect all processors. A successful attack can extract the full contents of their main memory in...

0.8AI score
Exploits0References1
0day.today
0day.today
added 2018/05/23 12:0 a.m.157 views

Microsoft Windows - POP/MOV SS Privilege Escalation Exploit

Exploit for windows platform in category local exploits Demo exploitation of the POP SS vulnerability CVE-2018-8897, leading to unsigned code execution with kernel privilages. - KVA Shadowing should be disabled and the relevant security update should be uninstalled. - This may not work with certa...

7.3AI score0.18262EPSS
Exploits9
exploitpack
exploitpack
added 2018/05/22 12:0 a.m.69 views

Microsoft Windows - POPMOV SS Privilege Escalation

Microsoft Windows - POPMOV SS Privilege Escalation Demo exploitation of the POP SS vulnerability CVE-2018-8897, leading to unsigned code execution with kernel privilages. - KVA Shadowing should be disabled and the relevant security update should be uninstalled. - This may not work with certain...

7.2CVSS0.3AI score0.18262EPSS
Exploits9
Exploit DB
Exploit DB
added 2018/05/22 12:0 a.m.137 views

Microsoft Windows - 'POP/MOV SS' Privilege Escalation

Demo exploitation of the POP SS vulnerability CVE-2018-8897, leading to unsigned code execution with kernel privilages. - KVA Shadowing should be disabled and the relevant security update should be uninstalled. - This may not work with certain hypervisors like VMWare, which discard the pending DB...

7.8CVSS7.3AI score0.18262EPSS
Exploits9
Hewlett-Packard
Hewlett-Packard
added 2018/01/04 12:0 a.m.72 views

HPSBHF03573 rev. 15 - Side-Channel Analysis Method

Potential Security Impact Elevation of Privilege/Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported by: Google Project Zero VULNERABILITY SUMMARY An industry-wide vulnerability, known as side channel analysis method, has been disclosed with modern CPUs using...

5.6CVSS2AI score0.93838EPSS
Exploits15
BDU FSTEC
BDU FSTEC
added 2017/11/14 12:0 a.m.6 views

The vulnerability of Xen hypervisors relates to deficiencies in access control, allowing attackers to trigger service failures or increase their privileges.

The vulnerability of Xen hypervisors is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating locally within a user account of the x86 guest operating system in hardware virtualization mode, to trigger a hypervisor failure or increase their...

8.8CVSS7.5AI score0.0043EPSS
Exploits0References4Affected Software1
rapid7community
rapid7community
added 2017/07/21 5:3 p.m.50 views

Virtual Machine Automation (vm-automation) repository released

Rapid7 just released a new public repo called vm-automation. The vm-automation repository is a Python library that encapsulates existing methodologies for virtual machine and hypervisor automation and provides a platform-agnostic Python API. Currently, only ESXi and VMWare workstation are...

7.2AI score
Exploits0
Rows per page
Query Builder