7640 matches found

OpenVAS
added 2016/08/02 12:0 a.m. | 11 views

Fedora Update for kf5-kemoticons FEDORA-2016-cef912e3a4

The remote host is missing an update for the... (SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)

CVSS 7.5 | AI score 8 | EPSS 0.04465
Exploits: 1 | References: 2

Mozilla
added 2016/08/02 12:0 a.m. | 41 views

Type confusion in display transformation — Mozilla

Using the Address Sanitizer tool, security researcher Nils reported a type confusion flaw in display transformation during rendering due to incorrect bounds checking. This leads to a potentially exploitable crash and can be triggered by web content...

CVSS 8.8 | AI score 1.6 | EPSS 0.02272
Exploits: 0 | References: 2 | Affected Software: 2

0day.today
added 2016/08/01 12:0 a.m. | 40 views

WordPress Booking Calendar 6.2 Plugin - SQL Injection

Exploit for php platform in category web applications. SQL injection vulnerability in Booking Calendar WordPress Plugin. Abstract: An SQL injection vulnerability exists in the Booking Calendar WordPress plugin. This vulnerability allows an attacker to view data from the database. The affected...

AI score 7.1
Exploits: 0

Exploit DB
added 2016/08/01 12:0 a.m. | 40 views

WordPress Plugin Booking Calendar 6.2 - SQL Injection

SQL injection vulnerability in Booking Calendar WordPress Plugin. Abstract: An SQL injection vulnerability exists in the Booking Calendar WordPress plugin. This vulnerability allows an attacker to view data from the database. The affected parameter is not properly sanitized or protected with an...

AI score 7.4
Exploits: 0

Fedora
added 2016/07/23 9:6 p.m. | 12 views

[SECURITY] Fedora 23 Update: kf5-sonnet-5.24.0-1.fc23

KDE Frameworks 5 Tier 1 solution for spell checking...

CVSS 7.5 | AI score 2 | EPSS 0.04465
Exploits: 1

Fedora
added 2016/07/23 7:7 p.m. | 23 views

[SECURITY] Fedora 24 Update: kf5-sonnet-5.24.0-1.fc24

KDE Frameworks 5 Tier 1 solution for spell checking...

CVSS 7.5 | AI score 2 | EPSS 0.04465
Exploits: 1

Tenable Nessus
added 2016/07/14 12:0 a.m. | 41 views

Fedora 23 : 2:qemu (2016-f2b1f07256)

CVE-2016-3710: incorrect bounds checking in vga bz 1334345 - CVE-2016-3712: out of bounds read in vga bz 1334342 - Fix USB redirection bz 1330221 - CVE-2016-4037: infinite loop in usb ehci bz 1328080 - CVE-2016-4001: buffer overflow in stellaris net bz 1325885 - CVE-2016-2858: rng stack...

CVSS 8.8 | AI score 7.1 | EPSS 0.04921
Exploits: 0 | References: 8

Tenable Nessus
added 2016/07/14 12:0 a.m. | 38 views

Fedora 22 : 2:qemu (2016-a3298e39f7)

CVE-2016-3710: incorrect bounds checking in vga bz 1334345 - CVE-2016-3712: out of bounds read in vga bz 1334342 - Fix USB redirection bz 1330221 - CVE-2016-4037: infinite loop in usb ehci bz 1328080 - CVE-2016-4001: buffer overflow in stellaris net bz 1325885 - CVE-2016-2858: rng stack...

CVSS 8.8 | AI score 7.1 | EPSS 0.04921
Exploits: 0 | References: 8

Check Point Advisories
added 2016/07/06 12:0 a.m. | 0 views

Micro Focus Rumba WallData.Macro PlayMacro Memory Corruption

A buffer overflow vulnerability has been reported in the WallData.Macro ActiveX control of Micro Focus Rumba. The vulnerability is due to a lack of bounds checking on an argument passed into the PlayMacro function. A remote, unauthenticated attacker could exploit this vulnerability by enticing a...

AI score 4.4
Exploits: 0

OSV
added 2016/07/03 1:59 a.m. | 6 views

CVE-2016-5733

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in...

CVSS 6.1 | AI score 6.4
Exploits: 0 | References: 14

Prion
added 2016/07/03 1:59 a.m. | 18 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in...

CVSS 4.3 | AI score 5.9 | EPSS 0.0219
Exploits: 0 | References: 14 | Affected Software: 3

UbuntuCve
added 2016/07/03 1:59 a.m. | 26 views

CVE-2016-5733

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in...

CVSS 6.1 | AI score 6.9 | EPSS 0.0219
Exploits: 0 | References: 2

Exploit DB
added 2016/06/29 12:0 a.m. | 55 views

Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities

Credits: John Page aka HYP3RLINX. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/SYMANTEC-SEPM-MULTIPLE-VULNS.txt. ISR: ApparitionSec. Vendor: www.symantec.com. Product: SEPM Symantec Endpoint Protection Manager and client v12.1...

CVSS 8 | AI score 6.3 | EPSS 0.04122
Exploits: 4

ThreatPost
added 2016/06/21 10:8 a.m. | 33 views

Apple Patches AirPort Remote Code Execution Flaw

Apple is keeping typically tight-lipped about a remote code execution vulnerability it patched in its AirPort router firmware. Last night, Apple released an advisory warning users of the AirPort Express, AirPort Extreme and AirPort Time Capsule base stations that a new firmware was...

CVSS 10 | AI score 1.5 | EPSS 0.03926
Exploits: 0 | References: 2

Fedora
added 2016/06/18 7:56 p.m. | 23 views

[SECURITY] Fedora 24 Update: roundcubemail-1.2.0-1.fc24

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

AI score 0.2
Exploits: 0

exploitpack
added 2016/06/10 12:0 a.m. | 13 views

Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow

Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=724 nvAPIClient::Escape is the sole external method of nvAcclerator userclient type 0x2a0. It implements its own method and parameter demuxing using the struct-in...

AI score 1.2
Exploits: 0

Check Point Advisories
added 2016/05/29 12:0 a.m. | 7 views

Flexera FlexNet Publisher License Server Buffer Overflow (CVE-2015-8277)

Two buffer overflow vulnerabilities have been discovered in the FlexNet Publisher license server manager. These vulnerabilities are due to improper bounds checking in a custom strncpy function when handling requests received over the network. An attacker could leverage these vulnerabilities by...

CVSS 10 | AI score 9.8 | EPSS 0.28677
Exploits: 0

Positive Technologies
added 2016/05/27 12:0 a.m. | 5 views

PT-2016-07: Unauthorized Access in Vesta Control Panel

The specialists of the Positive Research center have detected an Unauthorized Access vulnerability in Vesta Control Panel. Directory /web/filemanager/ contains scenarios which perform file manager operations in control panel. Scenario files.php lacks active user session checking that allows...

CVSS 10 | AI score 7.1
Exploits: 0 | References: 4

OPENSUSE Linux
added 2016/05/23 4:8 p.m. | 66 views

Security update for the Linux Kernel (important)

The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-2847: Limit the per-user amount of pages allocated in pipes bsc970948. - CVE-2016-3136: mctu232: add sanity checking in probe bnc970955. - CVE-2016-2188: iowarrio...

CVSS 4.9 | AI score 8.2 | EPSS 0.01814
Exploits: 13 | References: 15

Tenable Nessus
added 2016/05/19 12:0 a.m. | 28 views

AIX 7.2 : bos.net.tcp.bind_utils (U870384)

The remote host is missing AIX PTF U870384, which is related to the security of the package bos.net.tcp.bind_utils. ISC BIND is vulnerable to a denial of service, caused by an error in db.c when parsing incoming responses. A remote attacker could exploit this vulnerability to trigger a REQUIRE...

AI score 5.6
Exploits: 0 | References: 2