CentOS 7 : sssd (CESA-2017:3379)
An update for sssd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
CVE-2017-14899
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, a buffer overrun occu...
Cross-site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS) attacks. Attackers can use the lang attribute of an HTML element to conduct XSS attacks when setting the language of a site...
WordPress Cross-Site Scripting Vulnerability (CNVD-2017-38249)
WordPress is a blogging platform developed using the PHP language. Users can set up their own websites on servers that support PHP and MySQL databases, or use WordPress as a content management system (CMS). A cross-site scripting vulnerability exists in WordPress before 4.9.1. The vulnerability...
CVE-2017-17093
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site...
DEBIAN-CVE-2017-17093
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site...
UBUNTU-CVE-2017-17093
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site...
CVE-2017-17093
CVE-2017-17093 affects WordPress prior to 4.9.1, specifically wp-includes/general-template.php where the lang attribute of an HTML element is not properly restricted. This design flaw can enable cross-site scripting (XSS) via the site language setting. The vulnerability is addressed by WordPress ...
MGASA-2017-0429 Updated mediawiki packages fix security vulnerabilities
XSS when $wgShowExceptionDetails = false and browser sends non-standard url escaping (CVE-2017-8808). Reflected File Download from api.php (CVE-2017-8809). On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password (CVE-2017-8810). It's possible to...
WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
...
Authorization Bypass
TeamPass is vulnerable to authorization bypass. The application does not properly check if a user has the proper permissions to access an item, allowing a malicious user to modify or delete multiple attributes of an item by modifying requests sent to the application...
FreeBSD : frr -- BGP Mishandled attribute length on Error (bf266183-cec7-11e7-af2d-2047478f2f70)
FRR reports: BGP Mishandled attribute length on Error. A vulnerability exists in the BGP daemon of FRR where a malformed BGP UPDATE packet can leak information from the BGP daemon and cause a denial of service by crashing the daemon...
Rsync receive_xattr Heap-based Buffer Overread (CVE-2017-16548)
A heap-based buffer overread vulnerability exists in the receive_xattr function of rsync. The vulnerability is due to an error in processing non-NULL-terminated extended attribute name strings in certain cases when using the rsync protocol. A remote, unauthenticated attacker could exploit this...
Buffer overflow
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when a user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes...
CVE-2017-11089
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when a user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes...
Unspecified vulnerability in MediaWiki (CNVD-2017-35258)
MediaWiki is a free web-based wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.27.4, 1.28.x...
Debian DSA-4036-1 : mediawiki - security update
Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work:
- CVE-2017-8808: Cross-site scripting with non-standard URL escaping and $wgShowExceptionDetails disabled.
- CVE-2017-8809: Reflected file download in API.
- CVE-2017-8810: On private wikis...
CVE-2017-8815
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...