[SECURITY] Fedora 23 Update: kf5-kplotting-5.24.0-1.fc23

KPlotting provides classes to do plotting...

[SECURITY] Fedora 24 Update: kf5-kdbusaddons-5.24.0-1.fc24

KDBusAddons provides convenience classes on top of QtDBus, as well as an AP I to create KDED modules...

[SECURITY] Fedora 24 Update: kf5-kplotting-5.24.0-1.fc24

KPlotting provides classes to do plotting...

[SECURITY] Fedora 24 Update: kf5-kguiaddons-5.24.0-1.fc24

KDBusAddons provides convenience classes on top of QtGui...

Oracle Java MethodHandle Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MethodHandle...

Oracle Java MethodHandles filterReturnValue Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation o...

CVE-2016-5229 - Deserialisation resulting in remote code execution caused by insufficient restriction on permitted deserialised classes

Bamboo had a resource that deserialised input from build agents and did not sufficiently restrict which classes could be deserialised. To exploit this issue, attackers need to have a valid Bamboo agent fingerprint or be able to run code on a Bamboo agent. Affected versions: All versions of Bamboo...

PrinceXML Wrapper Class Command Injection

While grabbing a copy PrinceXML, I noticed the company also offered some wrapper classes in various languages for using prince in server applications web applications. http://www.princexml.com/download/wrappers/ Taking a quick look at the PHP class, there are likely numerous command injection...

The vulnerability of the Firefox browser allows a hacker to gain access to a full list of disabled plugins.

The vulnerability of Firefox browsers is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to gain access to a complete list of disabled plugins, by using cascading style sheets and pseudo-classes...

CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets CSS pseudo-classes...

CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets CSS pseudo-classes...

CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets CSS pseudo-classes...

CVE-2016-2832

CVE-2016-2832 affects Mozilla Firefox prior to 47.0, enabling information disclosure of disabled plugins via CSS pseudo-classes. Connected advisories indicate this vulnerability is addressed in Firefox 47 updates (e.g., openSUSE-2016-714/openSUSE-2016-704 patches). Affected component: CSS pseudo-...

CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets CSS pseudo-classes...

FreeBSD : mozilla -- multiple vulnerabilities (8065d37b-8e7c-4707-a608-1b0a2b8509c3)

Mozilla Foundation reports : MFSA 2016-49 Miscellaneous memory safety hazards rv:47.0 / rv:45.2 MFSA 2016-50 Buffer overflow parsing HTML5 fragments MFSA 2016-51 Use-after-free deleting tables from a contenteditable document MFSA 2016-52 Addressbar spoofing though the SELECT element MFSA 2016-54...

CVE-2016-2832

Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets CSS pseudo-classes...

CVE-2016-1687

Removed by vendor...

pcre: inefficient posix character class syntax check (8.38/16)

The pcrecompile function in pcrecompile.c in PCRE before 8.38 mishandles certain : nesting, which allows remote attackers to cause a denial of service CPU consumption or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...

SUSE SLED12 Security Update : python-tornado (SUSE-SU-2016:1195-1)

The python-tornado module was updated to version 4.2.1, which brings several fixes, enhancements and new features. The following security issues have been fixed : - A path traversal vulnerability in StaticFileHandler, in which files whose names started with the staticpath directory but were not...

[SECURITY] Fedora 22 Update: xstream-1.4.9-1.fc22

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...