166 matches found
CVE-2019-12491
OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud e.g. by renting one. From the sour...
Command injection
OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud e.g. by renting one. From the sour...
CVE-2019-12491
CVE-2019-12491 affects OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196, allowing an attacker who controls a single server in a cloud to craft and trigger commands that execute with root privileges on a target server managed by OnApp for XEN/KVM hypervisors. The issue enables remote command executi...
CVE-2019-12491
OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud e.g. by renting one. From the sour...
HPSBHF03618 rev. 8 - Intel Microarchitectural Data Sampling Security Updates
Potential Security Impact Information Disclosure Source : HP, HP Product Security Response Team PSRT Reported By : Intel VULNERABILITY SUMMARY Potential security vulnerabilities in Intel CPUs may allow information disclosure. Researchers have referred to these vulnerabilities as ZombieLoad, RIDL,...
The vulnerability of Xen hypervisors relates to insufficient validation of input data, allowing attackers to trigger a service failure.
The vulnerability of Xen hypervisors is related to insufficient validation of input data. Exploiting this vulnerability can allow a attacker through a guest OS to cause service interruptions...
CentOS 6 : spice-server (CESA-2019:0232)
An update for spice-server is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Information Disclosure
virt-who is vulnerable to information disclosure. Excessive permissions on the /etc/sysconfig/virt-who file allows any local users to read the contents and retrieve confidential information such as the password for hypervisors...
Supported Hypervisors for Citrix Virtual Apps and Desktops (MCS) and Citrix Provisioning (PVS)
Citrix is committed to ensuring that our products function with the latest partner hypervisor offering, such as Microsoft Azure, AWS, Google Cloud Platform, Nutanix Cloud Clusters on AWS, Nutanix Cloud Clusters on Azure, VMware Cloud on AWS, Azure VMware Solution, Google Cloud VMware Engine,...
Sandsifter - The X86 Processor Fuzzer
The sandsifter audits x86 processors for hidden instructions and hardware bugs, by systematically generating machine code to search through a processor's instruction set, and monitoring execution for anomalies. Sandsifter has uncovered secret processor instructions from every major vendor;...
VMSA-2018-0025:VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability
VMSA-2018-0025 VMware ESXi, Workstation, and Fusion workarounds address a denial-of-service vulnerability VMware Security Advisory VMware Security AdvisoryAdvisory ID: VMSA-2018-0025 VMware Security AdvisorySeverity: Important VMware Security AdvisorySynopsis: VMware ESXi, Workstation, and Fusion...
RHEL 7 : kernel (RHSA-2018:2785)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2785 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A flaw named SegmentSmack was found in...
Important: Red Hat Security Advisory: rhvm-setup-plugins security, bug fix, and enhancement update
An update for rhvm-setup-plugins is now available for Red Hat Virtualization Engine 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
SEVered Attack Extracts the Memory of AMD-Encrypted VMs
UPDATE Virtual machines that use AMD’s Secure Encrypted Virtualization SEV, a hardware-based encryption scheme, have been found to be vulnerable to the same malicious hypervisor attacks that can affect all processors. A successful attack can extract the full contents of their main memory in...
Microsoft Windows - POP/MOV SS Privilege Escalation Exploit
Exploit for windows platform in category local exploits Demo exploitation of the POP SS vulnerability CVE-2018-8897, leading to unsigned code execution with kernel privilages. - KVA Shadowing should be disabled and the relevant security update should be uninstalled. - This may not work with certa...
Microsoft Windows - POPMOV SS Privilege Escalation
Microsoft Windows - POPMOV SS Privilege Escalation Demo exploitation of the POP SS vulnerability CVE-2018-8897, leading to unsigned code execution with kernel privilages. - KVA Shadowing should be disabled and the relevant security update should be uninstalled. - This may not work with certain...
Microsoft Windows - 'POP/MOV SS' Privilege Escalation
Demo exploitation of the POP SS vulnerability CVE-2018-8897, leading to unsigned code execution with kernel privilages. - KVA Shadowing should be disabled and the relevant security update should be uninstalled. - This may not work with certain hypervisors like VMWare, which discard the pending DB...
HPSBHF03573 rev. 15 - Side-Channel Analysis Method
Potential Security Impact Elevation of Privilege/Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported by: Google Project Zero VULNERABILITY SUMMARY An industry-wide vulnerability, known as side channel analysis method, has been disclosed with modern CPUs using...
The vulnerability of Xen hypervisors relates to deficiencies in access control, allowing attackers to trigger service failures or increase their privileges.
The vulnerability of Xen hypervisors is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating locally within a user account of the x86 guest operating system in hardware virtualization mode, to trigger a hypervisor failure or increase their...
Virtual Machine Automation (vm-automation) repository released
Rapid7 just released a new public repo called vm-automation. The vm-automation repository is a Python library that encapsulates existing methodologies for virtual machine and hypervisor automation and provides a platform-agnostic Python API. Currently, only ESXi and VMWare workstation are...