4438 matches found
Important: Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update
An updated rhev-hypervisor6 package that fixes three security issues and one bug is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each...
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2336-1)
A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0155) Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket...
UBUNTU-CVE-2014-5263
vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infinite loop, and memory corruption) and possibly gain privileges via unspecified vectors...
Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 'VirtualBox 3D Acceleration Virtual Machine Escape', 'Description' = %q This module exploits a vulnerability in the 3D...
CVE-2014-3086
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
Security feature bypass
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
CVE-2014-3086
CVE-2014-3086 is an IBM Java VM privilege-escalation issue impacting IBM Java SDK/JRE used in IBM WebSphere Real Time and related IBM products. The vulnerability allows untrusted code running under a security manager to escalate privileges, enabling remote code execution under the context of the ...
JDK: Privilege escalation issue
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
PT-2014-5395 · Red Hat · Red Hat Enterprise Virtualization
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization version 3.4 Description: The issue concerns the oVirt storage backend, which fails to wipe memory snapshots when a virtual machine (VM) is deleted, even if wipe-after-delete (WAD) is configured for the VM's disk...
ovirt-engine-backend: memory snapshots not wiped when deleting a VM with wipe-after-delete (WAD) enabled for its disks
It was found that the oVirt storage back end did not wipe memory snapshots when VMs were deleted, even if wipe-after-delete (WAD) was enabled for the VM's disks. A remote attacker with credentials to create a new VM could use this flaw to potentially access the contents of memory snapshots in an...
libcacard, qemu security update
CentOS Errata and Security Advisory CESA-2014:0927 Updated qemu-kvm packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scori...
RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2014:0889)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0889 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was...
MS Virtual Machine 2000/3100/3200/3300 Series com.ms.activeX.ActiveXComponent Arbitrary Program Execution
No description provided by source. source: http://www.securityfocus.com/bid/1754/info If a malicious website operator were to embed a specially crafted java object into a HTML document, it would be possible to execute arbitrary programs on a target host viewing the webpage through either Microsof...
Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/957/info Microsoft's Java Virtual Machine will allow the reading of local file information by a remote Java application. This can be done two ways: 1: Via the getSystemResourceAsStream function. The filename must be...
Bitbot C2 Panel gate2.php - Multiple Vulnerabilities
No description provided by source. Exploit Title: Bitbot C2 Panel gate2.php SQLi + XSS Date: 08/19/2013 Exploit Author: Brian Wallace bwall aka @botnethunter Software Link: https://sourceforge.net/p/flippingbitbot/wiki/Home/ Vulnerable Virtual Machine including Bitbot Tested on: Debian/Ubuntu fro...
Microsoft Virtual Machine Arbitrary Java Codebase Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1812/info An attacker may gain read access on remote systems by specifying a custom codebase in a Java applet, and delivering to the victims via HTML email or a website. Any arbitrary codebase can be referenced by a java...
Sun Microsystems Java Virtual Machine 1.x Security Manager Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8892/info A problem has been reported in the Sun Microsystems Java Virtual Machine that occurs when implementing the Security Manager. Because of this, an attacker may be able to crash the virtual machine. /...
Sun Java Virtual Machine 1.x Font.createFont Method Insecure Temporary File Creation Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10685/info Sun Java Virtual Machine is a component of the Sun Java infrastructure that performs the handling of Java applets and other programs. It is available for Unix, Linux, and Microsoft platforms. Sun Java Virtual...