IBM JDK Java Virtual Machine Elevation of Privilege Vulnerability
IBM Java is a JRE runtime environment. An unspecified security vulnerability exists in the IBM JDK Java virtual machine, which allows attackers to exploit the vulnerability to execute malicious code with elevated privileges...
IBM JDK Java Information Disclosure Vulnerability
IBM Java is a JRE runtime environment. An information disclosure vulnerability exists in the IBM JDK Java virtual machine, which allows attackers to exploit the vulnerability to bypass privilege checks and gain access to sensitive information...
[USN-2590-1] Linux kernel vulnerabilities
Ubuntu Security Notice USN-2590-1, April 30, 2015: linux vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] Fedora 20 Update: xen-4.3.4-3.fc20
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2589-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2589-1 advisory. Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest use...
USN-2589-1: Linux kernel (Utopic HWE) vulnerabilities
Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). (CVE-2015-2150) A stack overflow was discovered in the microcode loader for...
qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")
Jason Geffner, CrowdStrike Senior Security Researcher, reports: VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM)...
vdsm: Users attempting a live storage migration create snapshot without snapshot creation permissions
It was discovered that the permissions to allow or deny snapshot creation were ignored during live storage migration of a VM's disk between storage domains. An attacker able to live migrate a disk between storage domains could use this flaw to cause a denial of service...
qemu: cirrus: insufficient blit region checks
It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data...
Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information
Multiple vulnerabilities in the kvm operating system package of openSUSE can be exploited, which may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by malicious individuals who have completed the authentication...
The vulnerability of Hyper-V software allows a malicious actor to trigger a service failure.
The Hyper-V component of the Windows operating system contains a vulnerability related to errors that occur when a specially crafted application is launched on a virtual machine. Exploiting this vulnerability can allow an attacker to cause a failure in the virtual machine controller...
RHEL 5 : kvm (RHSA-2015:0869)
Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for eac...
Oracle Java SE and Jrockit JSSE Subcomponent Denial of Service Vulnerability
Oracle Java SE is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments. JRockit is a Java virtual machine built into Oracle Fusion Middleware. A security vulnerability exists in the JSSE subcomponent of Oracle Java SE and Jrockit, whic...
Unspecified Vulnerability in Oracle Database Server VM Component
Oracle Database Server is a relational database management system. A security vulnerability exists in the JAVA VM component of Oracle Database Server, which can be exploited by remote attackers to compromise system confidentiality, integrity, and availability...
Unspecified Vulnerability in Oracle Sun Systems Product Suite VM Server for SPARC Component
Oracle VM Server for SPARC is a suite of SPARC hypervisors for running multiple OS instances simultaneously on a single SPARC T-Series server. A security vulnerability in the Ldom Manager subcomponent of the Oracle VM Server for SPARC component of the Oracle Sun Systems Products Suite can be...
Facebook HHVM 'WddxPacket::recursiveAddVar' Cross-Site Scripting Vulnerability
Facebook HHVM is a virtual machine from Facebook USA that significantly improves the performance of loading dynamic pages with PHP. A cross-site scripting vulnerability exists in the 'WddxPacket::recursiveAddVar' function of Facebook HHVM due to the 'wddxserializevalue' function failing to...
Microsoft Windows Hyper-V Denial of Service Vulnerability
Hyper-V is a technology based on the Virtual Machine Monitor that provides a scalable, reliable and highly available virtualization platform. A security vulnerability exists in the implementation of Hyper-V's Virtual Machine Manager (VMM) in Windows 8.1 and Windows Server 2012 R2 versions. It allow...
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/srpm/x86_64 (20150415)
An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox...
Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20150415)
An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox...
MGASA-2015-0158 Updated java-1.7.0-openjdk packages fix security vulnerabilities
Updated java-1.7.0 packages fix security vulnerabilities: An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrust...