21 matches found
EUVD-2015-2260
Malware in sbrugna...
EUVD-2015-2846
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2015-2150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to...
Ubuntu: Security Advisory (USN-2613-1)
The remote host is missing an update for the...
USN-2614-1: Linux kernel vulnerabilities
Vincent Tondellier discovered an integer overflow in the Linux kernel's netfilter connection tracking accounting of loaded extensions. An attacker on the local area network (LAN) could potentially exploit this flaw to cause a denial of service (system crash of targeted system). (CVE-2014-9715) Jan Beulic...
SUSE SLED12 / SLES12 Security Update : Security Update for Linux Kernel (SUSE-SU-2015:0658-1)
The SUSE Linux Enterprise Server 12 kernel was updated to 3.12.39 to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-0777: The XEN usb backend could leak information to the guest system due to copying uninitialized memory. - CVE-2015-2150: Xen and the Linux...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3036)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-3036 advisory. - crypto: aesni - fix memory usage in GCM decryption (Stephan Mueller) [Orabug: 21077389] {CVE-2015-3331} - xen/pciback: Don't disable PCI_COMMAND on PCI...
USN-2608-1: QEMU vulnerabilities
Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, wh...
Ubuntu 14.04 LTS : QEMU vulnerabilities (USN-2608-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2608-1 advisory. Jason Geffner discovered that QEMU incorrectly handled the virtual floppy driver. This issue is known as VENOM. A malicious guest could use this issue to...
Ubuntu 14.10 : linux vulnerabilities (USN-2590-1)
Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A stack overflow was discovered in the microcode loader for...
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2589-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2589-1 advisory. Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest use...
Updated kernel package fixes security vulnerabilities
This kernel update is based on upstream -longterm 3.14.39 and fixes the following security issues: It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the uverbs API. A local user with access to ...
USN-2590-1: Linux kernel vulnerabilities
Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A stack overflow was discovered in the microcode loader for...
USN-2589-1: Linux kernel (Utopic HWE) vulnerabilities
Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A stack overflow was discovered in the microcode loader for...
CVE-2015-2756
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing...
UBUNTU-CVE-2015-2756
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing...
Xen Denial of Service Vulnerability (CNVD-2015-01674)
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in X...
CVE-2015-2150
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and...
CVE-2015-2150
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and...
CVE-2015-2150
CVE-2015-2150 affects Xen 3.3.x–4.5.x and the Linux kernel up to 3.19.1, where access to PCI command registers is not properly restricted. This can allow a local guest OS user to cause a denial of service (unexpected NMI, host crash) by disabling memory or I/O decoding for a PCI Express device an...