5743 matches found
Fedora 23 : webkitgtk4 (2016-d957ffbac1)
This update addresses the following vulnerabilities: CVE-2016-4622, CVE-2016-4624, CVE-2016-4591, CVE-2016-4590. Additional fixes: - Fix performance in accelerated compositing mode with the modesetting intel driver and DRI3 enabled. - Reduce the amount of file descriptors that the Web Process...
Arbitrary Code Injection
Overview: Affected versions of reduce-css-calc pass input directly to eval. If user input is passed into the calc function, this may result in cross-site scripting on the browser, or remote code execution on the server. Proof of Concept: const reduceCSSCalc = require('reduce-css-calc');...
NUUO NVRmini 2 <= 3.0.8 LFI Vulnerability - Active Check
NUUO NVRmini 2 devices are prone to a local file disclosure (LFI) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Security Advisory - XSS Vulnerability in Huawei OceanStor ISM
The OceanStor ISM is an integrated system management software product that allows users to manage CSS, view CSS alarms and some other types of basic information, and configure basic functions. The management interface of the OceanStor ISM has an XSS vulnerability because the system does not escap...
[SECURITY] Fedora 23 Update: drupal7-theme-zen-5.6-1.fc23
Zen is a powerful, yet simple, HTML5 starting theme with a responsive, mobile-first grid design. If you are building your own standards-compliant theme, you will find it much easier to start with Zen than to start with Garland or Stark. This theme has fantastic online documentation...
[SECURITY] Fedora 24 Update: drupal7-theme-zen-5.6-1.fc24
Zen is a powerful, yet simple, HTML5 starting theme with a responsive, mobile-first grid design. If you are building your own standards-compliant theme, you will find it much easier to start with Zen than to start with Garland or Stark. This theme has fantastic online documentation...
NUUO NVRmini 2 Local File Information Disclosure Vulnerability
NUUO provides a stable and high performance digital networked surveillance system. NUUO NVRmini 2 suffers from a local file information disclosure vulnerability when an improperly validated 'css' parameter is passed into the 'cssparser.php' script. An attacker can exploit this vulnerability to le...
MediaWiki < 1.19.20 / 1.22.12 / 1.23.5 Multiple Vulnerabilities
chromium-browser: use-after-free in blink
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascadin...
CVE-2016-5127
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascadin...
Design/Logic Flaw
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascadin...
CVE-2016-5127
Removed by vendor...
[SECURITY] Fedora 24 Update: roundcubemail-1.2.0-1.fc24
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Zomato: CSS
Hey, This is not really an exploit or vulnerability but you might want to fix this in your CSS, or set a max length for a name etc...
CVE-2016-2832
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes...
CVE-2016-2832
CVE-2016-2832 affects Mozilla Firefox prior to 47.0, enabling information disclosure of disabled plugins via CSS pseudo-classes. Connected advisories indicate this vulnerability is addressed in Firefox 47 updates (e.g., openSUSE-2016-714/openSUSE-2016-704 patches). Affected component: CSS pseudo-...