4438 matches found
OpenJDK: incorrect handling of phantom references (Hotspot, 8071931)
A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions...
Oracle Patch Update Delivers 98 Fixes
Released alongside patches from Microsoft and Adobe yesterday, Oracle’s regularly scheduled Critical Patch Update fixed 98 issues across a handful of products, including Oracle’s Database, Fusion Middleware, Java SE, and MySQL, to name a few. One of the most pressing issues the update resolves is...
java security update
CentOS Errata and Security Advisory CESA-2015:0807 Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS)...
java security update
CentOS Errata and Security Advisory CESA-2015:0809 Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...
CVE-2015-1647
Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 allows guest OS users to cause a denial of service (VMM functionality loss) via a crafted application, aka "Windows Hyper-V DoS Vulnerability."...
CVE-2015-1647
CVE-2015-1647 affects Microsoft Windows Hyper-V, specifically the Virtual Machine Manager (VMM) in Windows 8.1 and Windows Server 2012 R2. A crafted application running inside a guest VM can cause a denial of service (VMM functionality loss). The issue is tied to Hyper-V’s VMM component (vmms.exe...
DEBIAN-CVE-2015-2937
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to th...
UBUNTU-CVE-2015-2942
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," ...
qemu: cirrus: insufficient blit region checks
It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data...
Important: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update
Updated openstack-nova packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...
SureBackup job fails with "Unnamed VM could not initialize" error
SureBackup job fails with "Unnamed VM could not initialize" error. In the logs you can see the following error message: 19.03.2015 14:38:08 Error Failed to power on virtual machine...
DEBIAN-CVE-2015-2044
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x do not properly initialize data, which allows local HVM guest users to obtain sensitive information via vectors involving an unsupported access size...
Security feature bypass
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via...
CVE-2014-8891
CVE-2014-8891 affects IBM SDK, Java Technology Edition (IBM JRE) under multiple releases: 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10. The vulnerability allows remote attackers to escape the Java sandbox and execute arbitrary code through...
CVE-2014-8892
CVE-2014-8892 affects IBM SDK/JVM used by Tivoli Storage Productivity Center (IBM Java Technology Edition). The IBM security bulletin describes the vulnerability as a bypass of permission checks under a security manager, potentially allowing untrusted code to view sensitive information. Remediati...
CVE-2014-8891
Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vector...
kernel: kvm: vmx: invalid host cr4 handling across vm entries
It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause a denial of service on the system...
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-2)
USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the...
USN-2516-3 linux vulnerabilities
USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in USN-2516-2 was incomplete. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw w...
Ubuntu: Security Advisory (USN-2517-1)
The remote host is missing an update for the...