
8745 matches found

Tenable Nessus
added 2015/01/23 12:0 a.m., 50 views

RHEL 6 : java-1.8.0-oracle (RHSA-2015:0080) (POODLE)

Updated java-1.8.0-oracle packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severi...

CVSS 10, AI score 6.6, EPSS 0.99999
Exploits 11, References 39

RedHat Linux
added 2015/01/22 9:34 p.m., 1 views

OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)

Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack...

CVSS 5.4, AI score 6.7, EPSS 0.00472
Exploits 0, References 5

RedHat Linux
added 2015/01/22 9:34 p.m., 3 views

OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)

A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...

CVSS 10, AI score 6.7, EPSS 0.07153
Exploits 0, References 5

RedHat Linux
added 2015/01/22 9:34 p.m., 3 views

JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...

CVSS 6.9, AI score 6, EPSS 0.00455
Exploits 0, References 5

RedHat Linux
added 2015/01/22 9:24 p.m., 4 views

JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...

CVSS 6.9, AI score 6, EPSS 0.00455
Exploits 0, References 5

Fedora
added 2015/01/21 11:7 p.m., 31 views

[SECURITY] Fedora 21 Update: python-pillow-2.6.1-2.fc21

Python image processing library, fork of the Python Imaging Library (PIL). This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are five subpackages: tk (tk interface), qt (PIL image wrapper for Qt), sane (scanning...

CVSS 5, AI score 1.5, EPSS 0.05426
Exploits 0

Hacker One
added 2015/01/21 12:51 p.m., 95 views

Ruby on Rails: RCE due to Web Console IP Whitelist bypass in Rails 4.0 and 4.1

With the release of Ruby on Rails 4.2 the so-called Web Console was introduced. As the Web Console documentation states: Web Console is built explicitly for Rails 4. By default the Web Console is available in the Rails Development Environment and allows only the IPs 127.0.0.1 and ::1 to access th...

AI score 0.2
Exploits 0

Cent OS
added 2015/01/21 5:42 a.m., 79 views

java security update

CentOS Errata and Security Advisory CESA-2015:0067. Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System...

CVSS 10, AI score 6.8, EPSS 0.99999
Exploits 11, References 7

RedHat Linux
added 2015/01/20 10:38 p.m., 2 views

OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...

CVSS 4, AI score 6.7, EPSS 0.67234
Exploits 5, References 5

RedHat Linux
added 2015/01/20 10:38 p.m., 63 views

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, a...

CVSS 10, AI score 6.8, EPSS 0.99999
Exploits 11, References 14

Kitploit
added 2015/01/20 10:1 p.m., 23 views

Exploit Pack - Open Source Security Project for Penetration Testing and Exploit Development

Exploit Pack is an open source GPLv3 security tool; this means it is fully free and you can use it without any kind of restriction. Other security tools like Metasploit, Immunity Canvas, or Core Impact are ready to use as well, but you will require an expensive license to get access to all the...

AI score 8.3
Exploits 0

Fedora
added 2015/01/14 11:58 p.m., 35 views

[SECURITY] Fedora 20 Update: owasp-esapi-java-2.1.0-2.fc20

OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing...

CVSS 5.8, AI score 3.3, EPSS 0.02426
Exploits 2

Fedora
added 2015/01/14 11:57 p.m., 29 views

[SECURITY] Fedora 21 Update: owasp-esapi-java-2.1.0-1.fc21

OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing...

CVSS 5.8, AI score 3.3, EPSS 0.02426
Exploits 2

ThreatPost
added 2015/01/08 2:50 p.m., 99 views

Microsoft Shuts Down Patch Tuesday Advanced Notifications

Microsoft today pulled the plug on its Advanced Notification Service (ANS), offering it going forward only to paying Premier customers. ANS preceded the release of Microsoft’s monthly Patch Tuesday security bulletins; on the Thursday prior, Microsoft would provide users via its security website a...

CVSS 9.3, AI score 8.8, EPSS 0.99945
Exploits 33, References 5

NVD
added 2015/01/07 2:59 a.m., 22 views

CVE-2014-4639

EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value...

CVSS 5, AI score 6.6, EPSS 0.02221
Exploits 0, References 4

NVD
added 2015/01/07 2:59 a.m., 13 views

CVE-2014-4637

Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter...

CVSS 6.4, AI score 6.7, EPSS 0.02297
Exploits 0, References 3

NVD
added 2015/01/07 2:59 a.m., 18 views

CVE-2014-4638

EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors...

CVSS 5, AI score 6.3, EPSS 0.02314
Exploits 0, References 3

NVD
added 2015/01/07 2:59 a.m., 20 views

CVE-2014-4636

Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations...

CVSS 6.8, AI score 7.2, EPSS 0.01098
Exploits 0, References 3

NVD
added 2015/01/07 2:59 a.m., 16 views

CVE-2014-4635

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3, AI score 5.8, EPSS 0.01915
Exploits 0, References 3

Prion
added 2015/01/07 2:59 a.m., 16 views

Design/Logic Flaw

EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value...

CVSS 5, AI score 7.1, EPSS 0.02221
Exploits 0, References 4, Affected Software 1