665 matches found
Apple macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device
Apple macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1129 fseventsf_ioctl handles ioctls on fsevent fds acquired via FSEVENTS_CLONE_64 on /dev/fsevents. Here's the code for the FSEVENTS_DEVICE_FILTER_64...
PT-2021-5177 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3002.5 Description: The issue is related to improper access restriction in SaltStack Salt, allowing a remote attacker to gain unauthorized access to restricted functions. Specifically, salt-api does not honor...
Wheel of Fortune Free Play - Dangerous filesystem permissions, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Wheel of Fortune Free Play published at the 'play' market has multiple vulnerabilities...
StoreFront 2.5 not loading apps
Storefront URL when logging in doesn't load any applications and just comes up after logging in with "Spinning wheel". Issue is fixed by rebooting the Storefront servers every time it happens. Also sometimes "Cannot complete you request" error comes after login...
WordPress Tweet-Wheel 1.0.3.2 Cross Site Scripting
FULL DISCLOSURE Product :Tweet-wheel Exploit Author : Rahul Pratap Singh Version :1.0.3.2 Home page Link : https://wordpress.org/plugins/tweet-wheel/ Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 21/4/2016 XSS Vulnerability:...
Tweet Wheel <= 1.0.3.2 - Reflected Cross-Site Scripting (XSS)
The Tweet Wheel WordPress plugin was affected by a Reflected Cross-Site Scripting (XSS) security vulnerability...
WordPress Tweet Wheel Plugin <= 1.0.3.2 - Reflected Cross Site Scripting
This plugin is prone to a reflected cross site scripting vulnerability, because "consumerkey", "consumersecret", "accesstoken", "accesstokensecret" parameters are not sanitized. Solution: Update the plugin...
Phrase Wheel - Dangerous filesystem permissions, Hardcoded secrets, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Phrase Wheel published at the 'play' market has multiple vulnerabilities...
Crazy Wheel - Join the Show - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Crazy Wheel - Join the Show published at the 'play' market has multiple vulnerabilities...
Wheel Of Fun Turkish - Dynamic Code Loading, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Wheel Of Fun Turkish published at the 'play' market has multiple vulnerabilities...
Luckiest Wheel - Dynamic Code Loading, External URLs, Possible privilege escalation vulnerabilities
HackApp vulnerability scanner discovered that application Luckiest Wheel published at the 'play' market has multiple vulnerabilities...
Wheel of Fun - Dynamic Code Loading, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Wheel of Fun published at the 'play' market has multiple vulnerabilities...
AARCHER™ A Wheel Balls Arrows - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application AARCHER™ A Wheel Balls Arrows published at the 'play' market has multiple vulnerabilities...
Fortune Wheel Slots - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Fortune Wheel Slots published at the 'play' market has multiple vulnerabilities...
Lucky Wheel Slots - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Lucky Wheel Slots published at the 'play' market has multiple vulnerabilities...
Money Wheel Slot Machine - Customized SSL, Dynamic Code Loading, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Money Wheel Slot Machine published at the 'play' market has multiple vulnerabilities...
Oracle: Security Advisory (ELSA-2015-1064)
The remote host is missing an update for the...
python27 security, bug fix, and enhancement update
python27 1.1-17 - Require python-pip and python-wheel (note: in rh-python34 this is not necessary, because 'python' depends on these). python27-python 2.7.8-3 - Add httplib fix for CVE-2013-1752 Resolves: rhbz#1187779 2.7.8-2 - Fix %check unset DISPLAY section not failing properly on failed test -...
abrt: default abrt event scripts lead to information disclosure
It was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. The fix for this issue prevents non-privileged use...
Moderate: Red Hat Security Advisory: python27 security, bug fix, and enhancement update
Updated python27 collection packages that fix multiple security issues and several bugs are now available as part of Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...