Visioweb.js 安全漏洞

Visioglobe Visioweb.js is used by Visioglobe to load and explore 3D maps built from VisioMapEditor. A security vulnerability exists in Visioweb.js version 1.10.6, which stems from the presence of prototype contamination that can be exploited by an attacker to execute XSS on a client system...

ansible: Arbitrary code execution on control node (incomplete fix for CVE-2016-9587)

An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server...