Headline
CVE-2015-5278: [SECURITY] Fedora 23 Update: xen-4.5.1-9.fc23
The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets.
Related news
CVE-2019-10199: 1729261 – (CVE-2019-10199) CVE-2019-10199 keycloak: CSRF check missing in My Resources functionality in the Account Console
It was found that Keycloak's account console, up to 6.0.1, did not perform adequate header checks in some requests. An attacker could use this flaw to trick an authenticated user into performing operations via request from an untrusted domain.