4438 matches found
jre8-openjdk: multiple issues
CVE-2015-4734 (information disclosure): It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...
Spice 'surface_id' Heap Overflow Vulnerability
SPICE (Simple Protocol for Independent Computing Environments) is one of the three main technology components of Red Hat Enterprise Virtualized Desktop Edition, an adaptive remote submission protocol that delivers the exact same end-user experience as a physical desktop. A security vulnerability...
Microsoft Edge Performance Object Virtual Machine Judgment Vulnerability
Microsoft Edge is a web browser. A security vulnerability exists in Microsoft Edge's call to the 'windows.performance' object, which allows attackers to exploit the vulnerability to determine virtual machine information...
Microsoft Internet Explorer Performance Object Virtual Machine Judgment Vulnerability
Microsoft Internet Explorer is a web browser. A security vulnerability exists in Microsoft Internet Explorer when calling the 'windows.performance' object, which allows attackers to determine virtual machine information...
[SECURITY] Fedora 22 Update: groovy-2.4.0-2.fc22
Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode so you can use it anywhere you ca...
The remote control tool VNC denial of service vulnerability analysis-vulnerability warning-the black bar safety net
Original author: 360 security guard (company account) LR, noirfate. Foreword: Qemu is processor simulation software that can provide user-mode simulation and system-mode simulation. When in the user mode of the simulation state will be used when dynamic translation technology allows a cpu to build t...
Cisco TelePresence Server Denial of Service Vulnerability (cisco-sa-20150916-tps)
Cisco TelePresence Server contains a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
Amazon Linux: Security Advisory (ALAS-2012-88)
The remote host is missing an update for the...
By overflow vulnerability to bypass the antivirus protection-vulnerability warning-the black bar safety net
Idea: By writing a program that has an overflow vulnerability and placing the malicious code in the shellcode, the shellcode executed after the overflow can bypass the antivirus protection. Test environment: Platform: Windows XP SP3; Compiler: VC 6.0. Test code: Construct the following exploit code...
RHEV-M: webadmin automatic logout fails if VM is selected
It was found that the idle timeout in the Red Hat Enterprise Virtualization Manager Web Admin interface failed to log out a session if a VM has been selected in the VM grid view. This could allow a local attacker to access the web interface if it was left unattended...
Moderate: Red Hat Security Advisory: python-django-horizon security and bug fix update
Updated python-django-horizon packages that fix multiple security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
Kernel Virtual Machine Memory Corruption Vulnerability
The Linux kernel is the kernel used by the Linux operating system, released by the Linux Foundation in the U.S. The Kernel Virtual Machine (KVM, Kernel-based Virtual Machine) is a type of virtualization infrastructure used in it. A memory corruption vulnerability exists in Kernel Virtual Machine. A...
UBUNTU-CVE-2015-5745
Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message...
Xen Patches VM Escape Flaw
The Xen Project has patched a serious vulnerability that could allow an attacker in a guest virtual machine to escape and gain the ability to run arbitrary code on the host machine. The vulnerability is in the QEMU open source machine emulator that ships as part of the Xen hypervisor. The problem...
BWA - OWASP Broken Web Applications Project
A collection of vulnerable web applications that is distributed on a Virtual Machine. Description: The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in: learning about web application security testin...
USN-2684-1: Linux kernel vulnerabilities
A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2015-4692) Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A...
Oracle Database Java VM Component Elevation of Privilege Vulnerability
Oracle Database is a large commercial database. A security vulnerability exists in the Oracle Database Java VM component that allows authenticated users to elevate privileges...
Microsoft Windows Server Arbitrary Code Execution Vulnerability
Microsoft Windows Server is a series of servers based on the Windows operating system launched by the U.S. company Microsoft. A security vulnerability exists in Hyper-V for Microsoft Windows due to the program failing to properly initialize data structures on the operating system side of a...
Xen stack buffer overflow vulnerability
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A stack buffer overflow vulnerabilit...
CVE-2015-1914
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine...