4438 matches found

OSV
added 2013/11/13 7:05 p.m. | 15 views

MGASA-2013-0323 Updated java-1.6.0-openjdk package fixes multiple vulnerabilities

Updated java-1.6.0-openjdk packages fix security vulnerabilities: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the...

CVSS 10 | AI score 9.9 | EPSS 0.24738
Exploits 0 | References 5

Tenable Nessus
added 2013/11/13 12:00 a.m. | 56 views

ESXi 5.0 < Build 1311175 Multiple Vulnerabilities (remote check)

The remote VMware ESXi 5.0 host is affected by the following security vulnerabilities : - Multiple errors exist related to OpenSSL that could allow information disclosure or denial of service attacks. CVE-2013-0166, CVE-2013-0169 - An error exists in the libxml2 library related to the expansion o...

CVSS 7.1 | AI score 7.7 | EPSS 0.35584
Exploits 0 | References 12

Tenable Nessus
added 2013/11/06 12:00 a.m. | 54 views

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20131105)

Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine...

CVSS 10 | AI score 8 | EPSS 0.24738
Exploits 0 | References 27

Saint
added 2013/10/24 12:00 a.m. | 55 views

Oracle Java java.awt.image.ByteComponentRaster Overflow

Added: 10/24/2013 CVE: CVE-2013-2473 BID: 60623 OSVDB: 94336 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

CVSS 10 | AI score 8.3 | EPSS 0.07437
Exploits 4

RedHat Linux
added 2013/10/23 4:26 p.m. | 7 views

OpenJDK: Unique VMIDs (Libraries, 8001033)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different...

CVSS 5 | AI score 6.8 | EPSS 0.04326
Exploits 0 | References 5

RedHat Linux
added 2013/10/23 4:26 p.m. | 1 view

OpenJDK: Unique VMIDs (Libraries, 8001033)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different...

CVSS 5 | AI score 6.8 | EPSS 0.04326
Exploits 0 | References 5

Cisco
added 2013/10/15 7:52 p.m. | 31 views

Cisco WebEx Meetings Server Deployment Passphrase Bypass Vulnerability

A vulnerability in the deployment module of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to bypass the passphrase check during the deployment of a virtual machine. The vulnerability is due to a flaw in the validation of the passphrase. An attacker could exploit this...

CVSS 4.3 | AI score 1.1 | EPSS 0.01173
Exploits 0 | References 1

Fedora
added 2013/10/09 2:43 p.m. | 20 views

[SECURITY] Fedora 20 Update: xen-4.3.0-6.fc20

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

CVSS 1.2 | AI score 2.1 | EPSS 0.00373
Exploits 0

OSV
added 2013/09/25 10:31 a.m. | 5 views

DEBIAN-CVE-2013-5634

arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call...

CVSS 4.3 | AI score 7 | EPSS 0.00759
Exploits 2 | References 1

Kitploit
added 2013/09/09 4:08 a.m. | 22 views

[OWASP Broken Web Applications Project VM v1.1] Collection of vulnerable web applications

The Broken Web Applications (BWA) Project is a collection of vulnerable web applications that is distributed on a Virtual Machine. The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in: Learning about...

AI score 7.6
Exploits 0

OpenVAS
added 2013/09/06 12:00 a.m. | 27 views

CentOS Update for spice-server CESA-2013:1192 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 5.2 | EPSS 0.02629
Exploits 0 | References 2

Tenable Nessus
added 2013/09/04 12:00 a.m. | 222 views

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-207)

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-2470, CVE-2013-2471,...

CVSS 10 | AI score 8.1 | EPSS 0.98704
Exploits 23 | References 26

Saint
added 2013/09/04 12:00 a.m. | 61 views

Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow

Added: 09/04/2013 CVE: CVE-2013-2471 BID: 60659 OSVDB: 94357 Background The Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

CVSS 10 | AI score 8.8 | EPSS 0.14633
Exploits 4

Packet Storm
added 2013/08/21 12:00 a.m. | 24 views

Bitbot C2 Panel Cross Site Scripting / SQL Injection

Exploit Title: Bitbot C2 Panel gate2.php SQLi + XSS Date: 08/19/2013 Exploit Author: Brian Wallace bwall aka @botnethunter Software Link: https://sourceforge.net/p/flippingbitbot/wiki/Home/ Vulnerable Virtual Machine including Bitbot Tested on: Debian/Ubuntu from StringIO import StringIO import...

AI score 0.3
Exploits 0

0day.today
added 2013/08/21 12:00 a.m. | 33 views

Bitbot C2 Panel gate2.php - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Bitbot C2 Panel gate2.php SQLi + XSS Date: 08/19/2013 Exploit Author: Brian Wallace bwall aka @botnethunter Software Link: https://sourceforge.net/p/flippingbitbot/wiki/Home/ Vulnerable Virtual Machine including Bitbot Tested on...

AI score 7.1
Exploits 0

Tenable Nessus
added 2013/08/12 12:00 a.m. | 25 views

Oracle JRockit Detection

The remote host has Oracle JRockit installed. JRockit is an alternate Java Virtual Machine. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(69304); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/10"); script_name(english:"Oracle...

AI score 5.5
Exploits 0 | References 1

OSV
added 2013/07/29 1:59 p.m. | 0 views

DEBIAN-CVE-2013-4127

Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine...

CVSS 4.7 | AI score 5.7 | EPSS 0.00452
Exploits 1 | References 1

OSV
added 2013/07/29 1:59 p.m. | 5 views

CVE-2013-4127

Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine...

AI score 6.2
Exploits 0 | References 6

NVD
added 2013/07/29 1:59 p.m. | 17 views

CVE-2013-4127

Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine...

CVSS 4.7 | AI score 6.9 | EPSS 0.00452
Exploits 1 | References 5

UbuntuCve
added 2013/07/29 1:59 p.m. | 20 views

CVE-2013-4129

The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to cause a denial of service (BUG and system crash) via vectors involving the shutdown of a KVM virtual...

CVSS 4.7 | AI score 5.9 | EPSS 0.00454
Exploits 2 | References 2