150 matches found
CVE-2017-1237
CVE-2017-1237 concerns a cross-site scripting vulnerability in IBM Jazz-based applications. The issue affects IBM Jazz Team Server and CLM-related products (CLM, RDNG, RELM, RTC, RQM, Rhapsody Design Manager, RSA Design Manager) across multiple versions (notably 5.0.x to 6.0.x). The underlying ri...
Dell EMC ScaleIO Buffer Overflow / Command Injection Vulnerability
Dell EMC ScaleIO customers are encouraged to update to ScaleIO version 2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system. Dell EMC Identifier: DSA-2018-058 C...
CVE-2018-1237
CVE-2018-1237 affects Dell EMC ScaleIO versions prior to 2.5. The vulnerability resides in the Light Installation Agent (LIA) and stems from improper restriction of excessive authentication attempts. A remote attacker with network access to LIA could brute-force usernames and passwords on LIA-man...
openSUSE Security Update : the Linux Kernel (openSUSE-2016-1227) (Dirty COW)
The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service...
Security update for the Linux Kernel (important)
The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service...
Ubuntu: Security Advisory (USN-3070-4)
The remote host is missing an update for the...
Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-3053-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3053-1 advisory. A missing permission check when setting ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL...
cda.pl XSS vulnerability
Vulnerable URL: http://www.cda.pl/info/test'%7D;alert'openbugbounty';foobar=%7Bfoobar:'

Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1237
VIP website status:| Yes
Check cda.pl SSL connection:| Grade: A...
Fedora 23 : kernel (2016-73a733f4d9)
The 4.5.7-202 kernel update contains a number of important security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
CVE-2016-1237
nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c...
CVE-2016-1237
It was found that nfsd is missing a permissions check when setting ACLs on files; this may allow a local user to gain access to any file by setting a crafted ACL...
CentOS Update for ImageMagick CESA-2016:1237 centos7
Check the version of ImageMagick...
Debian DSA-3238-1 : chromium-browser - security update
Several vulnerabilities were discovered in the chromium web browser. - CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser. - CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API. - CVE-2015-1237 Khalil Zhani discovered a use-after-fr...
FreeBSD : chromium -- multiple vulnerabilities (b57f690e-ecc9-11e4-876c-00262d5ed8ee)
Google Chrome Releases reports : 45 new security fixes, including : - 456518 High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous. - 313939 Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo. - 461191 High CVE-2015-1237: Use-after-free in IPC. Credit ...
Ubuntu: Security Advisory (USN-2570-1)
The remote host is missing an update for the...
[SECURITY] [DSA 3238-1] chromium-browser security update
Debian Security Advisory DSA-3238-1 http://www.debian.org/security/ Michael Gilbert April 26, 2015 http://www.debian.org/security/faq...
CVE-2015-1237
The CVE-2015-1237 issue is a use-after-free in Chrome’s RenderFrameImpl::OnMessageReceived (content/renderer/render_frame_impl.cc) affecting Google Chrome prior to 42.0.2311.90. It can cause denial of service and potentially other impact via renderer IPC messages during a detach operation. Remedi...
RHEL 6 : chromium-browser (RHSA-2015:0816)
Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
CVE-2014-1237
CVE-2014-1237: XSS in synetics i-doit Pro prior to 1.2.4. The vulnerability arises from insufficient encoding of user-supplied data, allowing remote attackers to inject arbitrary web script or HTML via the call parameter. Affected: i-doit Pro before 1.2.4 (and likely earlier versions per advisory...